mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-07-01 15:50:09 +00:00
Fix for URL sanitization that can lead to cross-site scripting (XSS) attacks.
Props irsdl, sstoqnov, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@45997 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
@@ -1664,6 +1664,7 @@ function wp_kses_html_error( $string ) {
|
||||
* @return string Sanitized content.
|
||||
*/
|
||||
function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
|
||||
$string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string );
|
||||
$string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
|
||||
if ( isset( $string2[1] ) && ! preg_match( '%/\?%', $string2[0] ) ) {
|
||||
$string = trim( $string2[1] );
|
||||
|
||||
Reference in New Issue
Block a user