Changeset 52861f4 in sipes for cord/modules/filter/filter.module


Timestamp:
26/05/2016 19:22:36 (8 years ago)
Author:
José Gregorio Puentes <jpuentes@…>
Branches:
stable, version-3.0
Children:
6627152
Parents:
dedbde1
Message:

the cord was updated

Files:
1 edited

Legend

Unmodified
Added
Removed
  • cord/modules/filter/filter.module

    rd7a822e r52861f4  
    12051205
    12061206/**
    1207  * Processes an HTML attribute value and ensures it does not contain an URL
    1208  * with a disallowed protocol (e.g. javascript:)
    1209  *
    1210  * @param $string
    1211  *   The string with the attribute value.
    1212  * @param $decode
    1213  *   Whether to decode entities in the $string. Set to FALSE if the $string
    1214  *   is in plain text, TRUE otherwise. Defaults to TRUE.
    1215  * @return
    1216  *   Cleaned up and HTML-escaped version of $string.
    1217  */
    1218 function filter_xss_bad_protocol($string, $decode = TRUE) {
    1219   static $allowed_protocols;
    1220   if (!isset($allowed_protocols)) {
    1221     $allowed_protocols = array_flip(variable_get('filter_allowed_protocols', array('http', 'https', 'ftp', 'news', 'nntp', 'tel', 'telnet', 'mailto', 'irc', 'ssh', 'sftp', 'webcal', 'rtsp')));
    1222   }
    1223 
    1224   // Get the plain text representation of the attribute value (i.e. its meaning).
    1225   if ($decode) {
    1226     $string = decode_entities($string);
    1227   }
    1228 
    1229   // Iteratively remove any invalid protocol found.
    1230 
    1231   do {
    1232     $before = $string;
    1233     $colonpos = strpos($string, ':');
    1234     if ($colonpos > 0) {
    1235       // We found a colon, possibly a protocol. Verify.
    1236       $protocol = substr($string, 0, $colonpos);
    1237       // If a colon is preceded by a slash, question mark or hash, it cannot
    1238       // possibly be part of the URL scheme. This must be a relative URL,
    1239       // which inherits the (safe) protocol of the base document.
    1240       if (preg_match('![/?#]!', $protocol)) {
    1241         break;
    1242       }
    1243       // Per RFC2616, section 3.2.3 (URI Comparison) scheme comparison must be case-insensitive
    1244       // Check if this is a disallowed protocol.
    1245       if (!isset($allowed_protocols[strtolower($protocol)])) {
    1246         $string = substr($string, $colonpos + 1);
    1247       }
    1248     }
    1249   } while ($before != $string);
    1250   return check_plain($string);
    1251 }
    1252 
    1253 /**
    12541207 * @} End of "Standard filters".
    12551208 */
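Review bot: the lines numbered 1207-1253 exist only on the rd7a822e side, so filter_xss_bad_protocol() is deleted from filter.module, and neither the commit message nor this file's diff shows a replacement. According to its doc comment, this function ensures an HTML attribute value does not contain a URL with a disallowed protocol (e.g. javascript:), checking the scheme against the filter_allowed_protocols list and returning the result through check_plain(). Before accepting this, confirm that every caller of filter_xss_bad_protocol() was either removed or now resolves to an equivalent definition elsewhere in the tree (this diff covers only filter.module); a caller left behind would hit an undefined function, and a caller rewritten without the check would pass attribute URLs through unfiltered. Please also name in the commit message where the function moved, or why it is no longer needed.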