From: <var...@us...> - 2017-05-30 14:27:33
Revision: 10016
http://sourceforge.net/p/phpwiki/code/10016
Author: vargenau
Date: 2017-05-30 14:27:31 +0000 (Tue, 30 May 2017)
Log Message:
-----------
IsSafeURL: change default value of $http_only from true to false
Modified Paths:
--------------
trunk/lib/plugin/Transclude.php
trunk/lib/stdlib.php
Modified: trunk/lib/plugin/Transclude.php
===================================================================
--- trunk/lib/plugin/Transclude.php 2017-05-30 12:33:34 UTC (rev 10015)
+++ trunk/lib/plugin/Transclude.php 2017-05-30 14:27:31 UTC (rev 10016)
@@ -92,7 +92,7 @@
if ($src == $request->getURLtoSelf()) {
return $this->error(fmt("Recursive inclusion of url %s", $src));
}
- if (!IsSafeURL($src)) {
+ if (!IsSafeURL($src, true)) { // http or https only
return $this->error(_("Bad URL in src"));
}
Modified: trunk/lib/stdlib.php
===================================================================
--- trunk/lib/stdlib.php 2017-05-30 12:33:34 UTC (rev 10015)
+++ trunk/lib/stdlib.php 2017-05-30 14:27:31 UTC (rev 10016)
@@ -355,7 +355,7 @@
* @param bool $http_only if true, accept only http and https URLs
* @return bool true if safe, false else.
*/
-function IsSafeURL($url, $http_only = true)
+function IsSafeURL($url, $http_only = false)
{
if (preg_match('/([<>"])|(%3C)|(%3E)|(%22)/', $url)) {
return false;
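Review bot: Changing the default of `$http_only` to `false` in the `IsSafeURL` signature makes the permissive mode the one a caller gets by omission, so any call site outside this diff that passed a single argument and relied on http/https-only filtering is loosened without a visible change. Only Transclude.php is updated to pass `true` in this commit; either audit the remaining callers, or keep the strict default and let `LinkURL` and the image-link caller (hunks at -381 and -419) keep passing `false` explicitly. Separately, the pattern on the first line of the body matches `%3C`, `%3E` and `%22` case-sensitively, so the lowercase forms `%3c`/`%3e` are not rejected; adding the `i` modifier, `preg_match('/([<>"])|(%3C)|(%3E)|(%22)/i', $url)`, would cover them. The function body continues outside the hunk, so which schemes the non-http path accepts cannot be confirmed from here.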
@@ -381,7 +381,7 @@
function LinkURL($url, $linktext = '')
{
// FIXME: Is this needed (or sufficient?)
- if (!IsSafeURL($url, false)) {
+ if (!IsSafeURL($url)) {
$link = HTML::span(array('class' => 'error'), _('Bad URL'));
return $link;
} else {
@@ -419,7 +419,7 @@
// Extract URL
$arr = explode(' ', $url);
if (!empty($arr)) $url = $arr[0];
- if (!IsSafeURL($url, false)) {
+ if (!IsSafeURL($url)) {
$link = HTML::span(array('class' => 'error'), _('Bad URL for image'));
return $link;
}