diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2017-12-31 16:37:58 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2017-12-31 16:37:58 +0100 |
| commit | 7dfd57077a31d67dc18af9802f826da6b015d8fe (patch) | |
| tree | 8e4c820119186dbb54bafc54ec755f35e9ccb21d /phpBB/develop/regex_idn.php | |
| parent | 92350db572f3814630f5bb6e609d503ffd2c4bd5 (diff) | |
| parent | 342a7cbd55829283663ad6ba29f924eeb53fca38 (diff) | |
| download | forums-7dfd57077a31d67dc18af9802f826da6b015d8fe.tar forums-7dfd57077a31d67dc18af9802f826da6b015d8fe.tar.gz forums-7dfd57077a31d67dc18af9802f826da6b015d8fe.tar.bz2 forums-7dfd57077a31d67dc18af9802f826da6b015d8fe.tar.xz forums-7dfd57077a31d67dc18af9802f826da6b015d8fe.zip | |
Merge pull request #40 from phpbb/ticket/security/211
[ticket/security/211] Make sure website URL only uses http & https schemes
Diffstat (limited to 'phpBB/develop/regex_idn.php')
| -rw-r--r-- | phpBB/develop/regex_idn.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/develop/regex_idn.php b/phpBB/develop/regex_idn.php index d871695c50..30373f8de3 100644 --- a/phpBB/develop/regex_idn.php +++ b/phpBB/develop/regex_idn.php @@ -120,7 +120,7 @@ do $pct_encoded = "%[\dA-F]{2}"; $unreserved = "$add_chars\pL0-9\-._~"; $sub_delims = ($inline) ? '!$&\'(*+,;=' : '!$&\'()*+,;='; - $scheme = ($inline) ? '[a-z][a-z\d+]*': '[a-z][a-z\d+\-.]*' ; // avoid automatic parsing of "word" in "last word.http://..." + $scheme = ($inline) ? '[a-z][a-z\d+]*(?<!javascript)': '[a-z][a-z\d+\-.]*(?<!javascript)' ; // avoid automatic parsing of "word" in "last word.http://..." $pchar = "(?:[^$remove_chars]*[$unreserved$sub_delims:@|]+|$pct_encoded)"; // rfc: no "|" $reg_name = "(?:[^$remove_chars]*[$unreserved$sub_delims:@|]+|$pct_encoded)+"; // rfc: * instead of + and no "|" and no "@" and no ":" (included instead of userinfo) |