"dob" is not a date field, so the changes are reverted

[friendica.git] / include / bbcode.php

diff --git a/include/bbcode.php b/include/bbcode.php
index c05173f47c559782cf8f1ad401f415112a82e1bf..489ef8b2e38e0b7680a701538dad49533305663e 100644 (file)
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -343,7 +343,7 @@ function bb_replace_images($body, $images) {
        $newbody = $body;
 
        $cnt = 0;
-       foreach($images as $image) {
+       foreach ($images as $image) {
                // We're depending on the property of 'foreach' (specified on the PHP website) that
                // it loops over the array starting from the first element and going sequentially
                // to the last element
@@ -1163,8 +1163,10 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
        // fix any escaped ampersands that may have been converted into links
        $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text);
 
-       // sanitizes src attributes (only relative redir URIs or http URLs)
-       $Text = preg_replace('#<([^>]*?)(src)="(?!http|redir)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text);
+       // sanitizes src attributes (http and redir URLs for displaying in a web page, cid used for inline images in emails)
+       static $allowed_src_protocols = array('http', 'redir', 'cid');
+       $Text = preg_replace('#<([^>]*?)(src)="(?!' . implode('|', $allowed_src_protocols) . ')(.*?)"(.*?)>#ism',
+                            '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text);
 
        // sanitize href attributes (only whitelisted protocols URLs)
        // default value for backward compatibility