From: garvinhicking Date: Fri, 28 Apr 2006 17:48:17 +0000 (+0000) Subject: allow % X-Git-Tag: 1.0~32 X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=4616bbd0645c04c9b15e783f810684be0d7b48d9;p=s9y.git allow % --- diff --git a/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php b/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php index 1716799..ded4d9f 100644 --- a/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php +++ b/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php @@ -149,7 +149,7 @@ class serendipity_event_bbcode extends serendipity_event static $pattern_mail = '([\.\-\+~@_0-9a-z]+?)'; // Only allow strings occuring in URLs: &;?:.-_@/, 0-9, a-z - static $pattern_url = '([@!=~\?:&;0-9a-z#\.\-_\/,]+?)'; + static $pattern_url = '([@!=~\?:&;0-9a-z#\.\-_\/,%]+?)'; // Disallow possibly evil HTML characters which may lead to Javascript XSS: '"(); static $pattern_query = '([^"\'\(\);]+?)';