This is VERY IMPORTANT fix

Jan is code
format_url function for check
https:// and
http:// protocol but rational chars is no check. Is say if empty, nothing is show in member profile for user_homepage field
but if user enter no valid chars URL type, is still show. E.g:
http://www. ... where is full URL ?

So - I create fix (and include fix for check http and https).

In includes/functions.php file,
find:
1 2 3 4 5 6 7 8 9 10 11
| function format_url($url) { if (empty($url)) { return ''; }
if (!preg_match("/^https?:\/\//i", $url)) { $url = "http://".$url; }
return $url; }
|
replace:
1 2 3 4 5 6 7 8 9 10 11 12 13
| function format_url($url) { $url = preg_replace("/[^a-z0-9\_\-\/\.\:]+/i", "", $url); if (!preg_match("/[a-z0-9]+\.[a-z0-9_-]+\.[a-z]/i", $url)) { return ''; }
if (!preg_match("/^http|https?:\/\//i", $url)) { $url = "http://".$url; } return $url; }
|
After install fix:
1 - No possible for add empty URL, no valid chars or no full URL (http
or https - no matter).
2 - Save ressource for member editprofile page (USERS_TABLE update SQL query). Empty result is no use action for update SQL query.
