function kses_bad_protocol($string, $allowed_protocols) { $string = kses_no_null($string); $string = preg_replace('/\\xad+/', '', $string); # deals with Opera "feature" $string2 = $string . 'a'; while ($string != $string2) { $string2 = $string; $string = kses_bad_protocol_once($string, $allowed_protocols); } # while return $string; }
/** * Sanitize string from bad protocols. * * This function removes all non-allowed protocols from the beginning of * $string. It ignores whitespace and the case of the letters, and it does * understand HTML entities. It does its work in a while loop, so it won't be * fooled by a string like "javascript:javascript:alert(57)". * * @param string $string Content to filter bad protocols from * @param array $allowed_protocols Allowed protocols to keep * @return string Filtered content */ function kses_bad_protocol($string, $allowed_protocols) { $string = kses_no_null($string); $string = preg_replace('/([^\\xc3-\\xcf])\\xad+/', '\\1', $string); // deals with Opera "feature" -- moodle utf8 fix $string2 = $string . 'a'; while ($string != $string2) { $string2 = $string; $string = kses_bad_protocol_once($string, $allowed_protocols); } // while return $string; }
function kses_bad_protocol($string, $allowed_protocols) { $string = kses_no_null($string); $string2 = $string . 'a'; while ($string != $string2) { $string2 = $string; $string = kses_bad_protocol_once($string, $allowed_protocols); } # while return $string; }
function kses_bad_protocol($string, $allowed_protocols) { ############################################################################### # This function removes all non-allowed protocols from the beginning of # $string. It ignores whitespace and the case of the letters, and it does # understand HTML entities. It does its work in a while loop, so it won't be # fooled by a string like "javascript:javascript:alert(57)". ############################################################################### $string = kses_no_null($string); $string = preg_replace('/\\xad+/', '', $string); # deals with Opera "feature" $string2 = $string . 'a'; while ($string != $string2) { $string2 = $string; $string = kses_bad_protocol_once($string, $allowed_protocols); } # while return $string; }