From c34c29d9350c441177b3b6d07fa80e755c5cef01 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Tue, 2 Jan 2007 21:22:41 +0000
Subject: [PATCH] Add kses protocol checking to clean_url. Props Andy. fixes #3515

git-svn-id: https://develop.svn.wordpress.org/trunk@4672 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/formatting.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 892009efa7..de6f1e8061 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1056,7 +1056,7 @@ function wp_richedit_pre($text) {
 return apply_filters('richedit_pre', $output);
 }
 
-function clean_url( $url ) {
+function clean_url( $url, $protocols = null ) {
 if ('' == $url) return $url;
 $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%]|i', '', $url);
 $strip = array('%0d', '%0a');
@@ -1064,6 +1064,10 @@ function clean_url( $url ) {
 $url = str_replace(';//', '://', $url);
 $url = (!strstr($url, '://')) ? 'http://'.$url : $url;
 $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
+ if ( !is_array($protocols) )
+ $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
+ if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
+ return '';
 return $url;
 }
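Review bot: The new `$protocols` argument in the `clean_url()` signature is undocumented, and with this commit the function can also return an empty string for a non-empty input. A short docblock above the signature would cover both, for example `@param array|null $protocols Allowed URL schemes; null uses the built-in default list.` and `@return string Cleaned URL, or '' when the scheme is not allowed.` Callers that assumed a non-empty result for non-empty input may need checking, though none are visible here. The function body continues outside this hunk.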
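Review bot: The `!is_array($protocols)` fallback replaces any non-array argument with the full default list, so a caller that passes a single scheme as a string (say `'http'`) to narrow the check silently gets the widest one, including `telnet` and `gopher`. Falling back only on null keeps a mistaken call restrictive: use `if ( null === $protocols )` for the default assignment, then `$protocols = (array) $protocols;`. The rejection test uses loose `!=`; `!==` avoids PHP's numeric-string comparison between the filtered and unfiltered values. Also, the `'http://'` prefix two lines above the added block is applied to any value lacking `://`, so scheme-only forms such as `mailto:` appear to be rewritten into http URLs before this check, and the `mailto`/`news` entries in the default list look unreachable. `clean_url()` begins outside this hunk.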