Commit 39255ea1 authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review

Merge "Allow prefixes that end in / to try ? and # as well"

parents ba81f721 c5851d8f
......@@ -1368,11 +1368,15 @@ function update_safe_iframe_regex() {
// in future we may need to be more clever. Admins who know
// what they're doing, and need something fancy, can always
// override this in config.php.
foreach ($prefixes as $r) {
foreach ($prefixes as $key => $r) {
if (!preg_match('/^[a-zA-Z0-9\/\._-]+$/', $r)) {
throw new SystemException('Invalid site passed to update_safe_iframe_regex');
}
if (substr($r, -1) == '/') {
$prefixes[$key] = substr($r, 0, -1) . '($|[/?#])';
}
}
// Allowed iframe URLs should be one of the partial URIs in iframe_source,
// prefaced by http:// or https:// or just // (which is a protocol-relative URL)
$iframeregexp = '%^(http:|https:|)//(' . str_replace('.', '\.', implode('|', $prefixes)) . ')%';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment