This is VERY IMPORTANT fix
Jan is code
format_url function for check
https:// and
http:// protocol but rational chars is no check. Is say if empty, nothing is show in member profile for user_homepage field
but if user enter no valid chars URL type, is still show. E.g:
http://www. ... where is full URL ?
So - I create fix (and include fix for check http and https).
In includes/functions.php file,
find:
1
2
3
4
5
6
7
8
9
10
11
| function format_url($url) {
if (empty($url)) {
return '';
}
if (!preg_match("/^https?:\/\//i", $url)) {
$url = "http://".$url;
}
return $url;
}
|
replace:
1
2
3
4
5
6
7
8
9
10
11
12
13
| function format_url($url) {
$url = preg_replace("/[^a-z0-9\_\-\/\.\:]+/i", "", $url);
if (!preg_match("/[a-z0-9]+\.[a-z0-9_-]+\.[a-z]/i", $url)) {
return '';
}
if (!preg_match("/^http|https?:\/\//i", $url)) {
$url = "http://".$url;
}
return $url;
}
|
After install fix:
1 - No possible for add empty URL, no valid chars or no full URL (http
or https - no matter).
2 - Save ressource for member editprofile page (USERS_TABLE update SQL query). Empty result is no use action for update SQL query.
Author