From c0f8d2a14596be7e2634ba7aeadb33ed712cdaf1 Mon Sep 17 00:00:00 2001
From: Matthieu Marcillaud <marcimat@rezo.net>
Date: Thu, 7 Jul 2016 09:31:12 +0000
Subject: [PATCH] =?UTF-8?q?Compl=C3=A9ter=20r23103=20:=20retirer=20le=20pr?=
 =?UTF-8?q?otocole=20'zip'=20=C3=A9galement,=20et=20phpdoc=20plus=20=C3=A0?=
 =?UTF-8?q?=20jour.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ecrire/inc/utils.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ecrire/inc/utils.php b/ecrire/inc/utils.php
index 71a29e2920..0965b9d738 100644
--- a/ecrire/inc/utils.php
+++ b/ecrire/inc/utils.php
@@ -421,16 +421,20 @@ function set_request($var, $val = null, $c = false) {
 
 /**
  * Tester si une URL est absolue
- * on accepte tous les protocoles sauf file:// (on est sur le web quand meme)
+ * 
+ * On est sur le web, on exclut certains protocoles, 
+ * notamment 'file://', 'php://' et d'autres…
+
  * @param string $url
  * @return bool
  */
 function tester_url_absolue($url) {
 	$url = trim($url);
 	if (preg_match(";^([a-z]{3,7}:)?//;Uims", $url, $m)) {
-		if (isset($m[1])
+		if (
+			isset($m[1])
 			and $p = strtolower(rtrim($m[1], ':'))
-			and in_array($p, array('file', 'php', 'zlib', 'glob', 'phar', 'ssh2', 'rar', 'ogg', 'expect'))
+			and in_array($p, array('file', 'php', 'zlib', 'glob', 'phar', 'ssh2', 'rar', 'ogg', 'expect', 'zip'))
 		  ) {
 			return false;
 		}
-- 
GitLab