From b76ecdfdf1cc2d3bf441fd31041eb61c41d5f364 Mon Sep 17 00:00:00 2001
From: Cerdic <cedric@yterium.com>
Date: Thu, 7 Jul 2016 08:30:53 +0000
Subject: [PATCH] completer r23098 : exclure tous les protocoles qui ne sont
 pas des URL mais que php accepte dans ses fonctions de lecture (guy)

---
 ecrire/inc/utils.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ecrire/inc/utils.php b/ecrire/inc/utils.php
index e494c624df..aaad7d7343 100644
--- a/ecrire/inc/utils.php
+++ b/ecrire/inc/utils.php
@@ -427,8 +427,12 @@ function set_request($var, $val = null, $c = false) {
  */
 function tester_url_absolue($url) {
 	$url = trim($url);
-	if (preg_match(";^([a-z]{3,7}:)?//;Uims", $url)
-	  and strncasecmp($url, 'file://', 7)!==0){
+	if (preg_match(";^([a-z]{3,7}:)?//;Uims", $url, $m)) {
+		if (isset($m[1])
+			and in_array(rtrim($m[1], ':'), array('file', 'php', 'zlib', 'glob', 'phar', 'ssh2', 'rar', 'ogg', 'expect'))
+		  ) {
+			return false;
+		}
 		return true;
 	}
 	return false;
-- 
GitLab