aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php8
1 files changed, 1 insertions, 7 deletions
diff --git a/index.php b/index.php
index 468dd091..944af674 100644
--- a/index.php
+++ b/index.php
@@ -1237,13 +1237,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1237 // Remove duplicates. 1237 // Remove duplicates.
1238 $tags = implode(' ', array_unique(explode(' ', $tags))); 1238 $tags = implode(' ', array_unique(explode(' ', $tags)));
1239 1239
1240 $url = trim($_POST['lf_url']); 1240 $url = whitelist_protocols(trim($_POST['lf_url']), $conf->get('security.allowed_protocols'));
1241 if (! startsWith($url, 'http:') && ! startsWith($url, 'https:')
1242 && ! startsWith($url, 'ftp:') && ! startsWith($url, 'magnet:')
1243 && ! startsWith($url, '?') && ! startsWith($url, 'javascript:')
1244 ) {
1245 $url = 'http://' . $url;
1246 }
1247 1241
1248 $link = array( 1242 $link = array(
1249 'id' => $id, 1243 'id' => $id,
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 19:21:26 +0000