$NetBSD: patch-ah,v 1.1 2008/06/19 14:08:42 taca Exp $

A security fix for HTML filter: http://www.geeklog.net/article.php/kses.
This problem will be fixed in Geeklog 1.5.0.

--- system/classes/kses.class.php.orig	2006-05-15 14:49:44.000000000 +0900
+++ system/classes/kses.class.php
@@ -941,12 +941,12 @@
 			 */
 			function _bad_protocol_once($string)
 			{
-				return preg_replace(
-					'/^((&[^;]*;|[\sA-Za-z0-9])*)'.
-					'(:|&#58;|&#[Xx]3[Aa];)\s*/e',
-					'\$this->_bad_protocol_once2("\\1")',
-					$string
-				);
+                 $string2 = preg_split('/:|&#58;|&#x3a;/i', $string, 2);
+                 if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
+                 {
+                   $string = $this->_bad_protocol_once2($string2[0]).trim($string2[1]);
+                 }
+                 return $string;
 			}
 
 			/**
