Explicitly list protocols that are allowed, rather than using their initials. Also, add cid, which I need for my mailstream plugin to work.

This commit is contained in:
Matthew Exon 2013-03-08 08:38:25 +01:00 committed by Matthew Exon
parent ce7217c8f6
commit 4df162d929

View file

@ -643,7 +643,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
// fix any escaped ampersands that may have been converted into links
$Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text);
$Text = preg_replace("/\<([^>]*?)(src|href)=\"[^hfm](.*?)\>/ism",'<$1$2="">',$Text);
$Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|cid)(.*?)\>/ism",'<$1$2="">',$Text);
if($saved_image)
$Text = bb_replace_images($Text, $saved_image);