summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDries Buytaert2005-11-30 20:18:59 (GMT)
committer Dries Buytaert2005-11-30 20:18:59 (GMT)
commit2dbbdbd4826b0cb4dd15603b26fd279daef1d8bf (patch)
tree538f014a6e7ad0fef251239f87d4657eb859370c
parent0f5bdc9c447faee721c4ba828b21a5dd352be4ee (diff)
- Improved the protocol whitelist code.
-rw-r--r--modules/filter.module5
1 files changed, 4 insertions, 1 deletions
diff --git a/modules/filter.module b/modules/filter.module
index dd33dbf..3d16de3 100644
--- a/modules/filter.module
+++ b/modules/filter.module
@@ -1239,7 +1239,10 @@ function filter_xss_bad_protocol($string, $decode = TRUE) {
}
function _filter_xss_bad_protocol($m) {
- static $allowed_protocols = array('http' => TRUE, 'https' => TRUE, 'ftp' => TRUE, 'news' => TRUE, 'nntp' => TRUE, 'telnet' => TRUE, 'gopher' => TRUE, 'mailto' => TRUE, 'e2dk' => TRUE, 'smb' => TRUE, 'irc' => TRUE, 'rsync' => TRUE, 'ssh' => TRUE, 'sftp' => TRUE);
+ static $allowed_protocols;
+ if (!isset($allowed_protocols)) {
+ $allowed_protocols = array_flip(variable_get('filter_allowed_protocols', array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'mailto', 'irc', 'ssh', 'sftp', 'webcal')));
+ }
$string = preg_replace('/\s+/', '', $m[1]);
return isset($allowed_protocols[$string]) ? "$string:" : '';
}