diff options
-rw-r--r-- | include/bbcode.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/bbcode.php b/include/bbcode.php index 32354aeda..c7bee6f97 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -1127,9 +1127,9 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) $Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism", '<$1$2=$3&$4>', $Text); // This is subtle - it's an XSS filter. It only accepts links with a protocol scheme and where - // the scheme begins with z (zhttp), h (http(s)), f (ftp), m (mailto), and named anchors. + // the scheme begins with z (zhttp), h (http(s)), f (ftp(s)), m (mailto), t (tel) and named anchors. - $Text = preg_replace("/\<(.*?)(src|href)=\"[^zhfm#](.*?)\>/ism", '<$1$2="">', $Text); + $Text = preg_replace("/\<(.*?)(src|href)=\"[^zhfmt#](.*?)\>/ism", '<$1$2="">', $Text); $Text = bb_replace_images($Text, $saved_images); |