WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Some sanity checks for parse_url in do_enclose. props miqrogroove, fixes #11029 

git-svn-id: http://svn.automattic.com/wordpress/trunk@14116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2010-04-16 19:48:30 +00:00
parent e01a4333cd
commit f07882dfba
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-includes/functions.php
View File

@ -1197,7 +1197,9 @@ function do_enclose( $content, $post_ID ) {
foreach ( (array) $post_links_temp[0] as $link_test ) { foreach ( (array) $post_links_temp[0] as $link_test ) {
if ( !in_array( $link_test, $pung ) ) { // If we haven't pung it already if ( !in_array( $link_test, $pung ) ) { // If we haven't pung it already
$test = parse_url( $link_test ); $test = @parse_url( $link_test );
if ( false === $test )
continue;
if ( isset( $test['query'] ) ) if ( isset( $test['query'] ) )
$post_links[] = $link_test; $post_links[] = $link_test;
elseif ( $test['path'] != '/' && $test['path'] != '' ) elseif ( $test['path'] != '/' && $test['path'] != '' )
@ -1215,7 +1217,8 @@ function do_enclose( $content, $post_ID ) {
// Check to see if we can figure out the mime type from // Check to see if we can figure out the mime type from
// the extension // the extension
$url_parts = parse_url( $url ); $url_parts = @parse_url( $url );
if ( false !== $url_parts ) {
$extension = pathinfo( $url_parts['path'], PATHINFO_EXTENSION ); $extension = pathinfo( $url_parts['path'], PATHINFO_EXTENSION );
if ( !empty( $extension ) ) { if ( !empty( $extension ) ) {
foreach ( get_allowed_mime_types( ) as $exts => $mime ) { foreach ( get_allowed_mime_types( ) as $exts => $mime ) {
@ -1225,6 +1228,7 @@ function do_enclose( $content, $post_ID ) {
} }
} }
} }
}
if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
$meta_value = "$url\n$len\n$type\n"; $meta_value = "$url\n$len\n$type\n";