Updated html_attr() to not match mailto|tel|about etc

Athlon1600 / php-proxy

A web proxy script written in PHP and built as an alternative to Glype.

https://www.php-proxy.com

MIT License

296 stars 158 forks source link

Updated html_attr() to not match mailto|tel|about etc #58

Closed webaddicto closed 6 years ago

webaddicto commented 7 years ago

Make sure html_attr() does not proxify "mailto:" and similar links:

        if(stripos($url, 'data:') === 0 || stripos($url, 'magnet:') === 0 || stripos($url, 'about:') === 0 || stripos($url, 'javascript:') === 0 || stripos($url, 'mailto:') === 0 || stripos($url, 'tel:') === 0 || stripos($url, 'ios-app:') === 0 || stripos($url, 'android-app:') === 0){
            return $matches[0];
        }

webaddicto commented 6 years ago

@Athlon1600

What do you think about this PR?

Athlon1600 commented 6 years ago

good enough for now. In the future, all those stripos should be replaced with a single starts_with call like this:

starts_with($url, array('mailto:', 'data:', 'about:'))...