From cd354d3a575eb137ba8988c61cff475cb4e66688 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Wed, 7 Dec 2016 23:18:10 -0500
Subject: [PATCH] Adding default protocols on missing config value for backward compatibility
---
 include/bbcode.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/bbcode.php b/include/bbcode.php
index 52cfa97c8b..27213007ce 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -1169,9 +1169,10 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
 $Text = preg_replace('#<([^>]*?)(src)="(?!http|redir)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text);
 
 // sanitize href attributes (only whitelisted protocols URLs)
- $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array());
+ // default value for backward compatibility
+ $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array('ftp', 'mailto', 'gopher', 'cid'));
 
- // Always allowed protocol even if config isn't set
+ // Always allowed protocol even if config isn't set or not including it
 $allowed_link_protocols[] = 'http';
 
 $regex = '#<([^>]*?)(href)="(?!' . implode('|', $allowed_link_protocols) . ')(.*?)"(.*?)>#ism';
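Review bot: The entries read from `allowed_link_protocols` are imploded into the `$regex` lookahead unescaped and unvalidated, so the href filter is only as strict as the config value is well-formed. An empty entry adds an empty alternative, which makes the negative lookahead fail at every position, so the pattern never matches and no href is rewritten. An entry containing `#` or another metacharacter can invalidate the pattern, and since nothing anchors the alternatives to the `:` they are matched as prefixes rather than whole scheme names. I would normalise the list before the `implode`, e.g. `$allowed_link_protocols = array_filter(array_map('trim', (array) $allowed_link_protocols), 'strlen');`, pass each entry through `preg_quote($p, '#')`, and add a comment stating that entries are scheme names without the colon. bbcode() starts and ends outside this hunk, so whether the result of the following `preg_replace` is checked is not visible here.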