diff options
| -rw-r--r-- | includes/bootstrap.inc | 10 | ||||
| -rw-r--r-- | includes/common.inc | 11 | ||||
| -rw-r--r-- | includes/file.inc | 12 |
3 files changed, 11 insertions, 22 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index 2a0f7e52d..34398c727 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -715,16 +715,6 @@ function check_plain($text) { } /** - * Prepare a URL for use in an HTML attribute. Strips harmful protocols. - */ -function check_url($uri) { - $uri = htmlspecialchars($uri, ENT_QUOTES); - $uri = filter_xss_bad_protocol($uri, FALSE); - - return $uri; -} - -/** * Since request_uri() is only available on Apache, we generate an * equivalent using other environment variables. */ diff --git a/includes/common.inc b/includes/common.inc index 08545ce0e..a4d4ad02f 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -692,6 +692,17 @@ function check_file($filename) { } /** + * Prepare a URL for use in an HTML attribute. Strips harmful protocols. + * + */ +function check_url($uri) { + $uri = htmlspecialchars($uri, ENT_QUOTES); + $uri = filter_xss_bad_protocol($uri, FALSE); + + return $uri; +} + +/** * @defgroup format Formatting * @{ * Functions to format numbers, strings, dates, etc. diff --git a/includes/file.inc b/includes/file.inc index 55f7825d5..dca300079 100644 --- a/includes/file.inc +++ b/includes/file.inc @@ -391,12 +391,6 @@ function file_save_upload($source, $dest = 0, $replace = FILE_EXISTS_RENAME) { } } - if (!user_access('bypass input data check') && !valid_input_data($file)) { - watchdog('security', t('The file %file has not been saved, because it may contain a possible attempt to exploit or abuse this system.', array('%file' => theme('placeholder', $source))), WATCHDOG_WARNING); - drupal_set_message(t('The file %file has not been saved, because it contains invalid data.', array('%file' => theme('placeholder', $source))), 'error'); - return 0; - } - // Check for file upload errors. switch ($file->error) { case 0: // UPLOAD_ERR_OK: File uploaded successfully @@ -435,12 +429,6 @@ function file_save_upload($source, $dest = 0, $replace = FILE_EXISTS_RENAME) { * @return A string containing the resulting filename or 0 on error */ function file_save_data($data, $dest, $replace = FILE_EXISTS_RENAME) { - if (!user_access('bypass input data check') && !valid_input_data($data)) { - watchdog('security', t('The file has not been saved, because it may contain a possible attempt to exploit or abuse this system.'), WATCHDOG_WARNING); - drupal_set_message(t('The file has not been saved, because it contains invalid data.'), 'error'); - return 0; - } - $temp = file_directory_temp(); $file = tempnam($temp, 'file'); if (!$fp = fopen($file, 'wb')) { |