The link formatting code had several security holes, and some incorrect regular expressions. The changes on this page fix these problems: - external links are only allowed to well-known schemes: ##http:##, ##https:## and ##ftp:##; this fixes all bugs where links have the form ##javascript:...## (a tag with any other scheme no longer matches the external-link pattern, so it is not emitted as an external href) - ##formatters/wakka.php## had its own link formatter for some links; this removes another avenue for bugs This also adds two features I like: - external links have their own CSS class, so you can style them differently - external links are followed by a little mark (a small superscripted infinity sign) so you can easily tell which links go off-site. **Enjoy!** --""MarkLentczner"" ---- ==== wakka.php ==== Change the function **Link** to %% function Link($tag, $method = "", $text = "", $track = 1) { if (!$text) $text = $tag; $text = htmlspecialchars($text); $url = ''; if (preg_match("/^([A-Z][a-zA-Z]+):([^\\s\"<>&]+)$/", $tag, $matches)) { $url = $this->GetInterWikiUrl($matches[1], $matches[2]); } else if (preg_match("/^(http|https|ftp):\/\/([^\\s\"<>&]+)$/", $tag)) { $url = $tag; // this is a vaild external URL } else if (preg_match("/^[^\\s\"<>&]+\@[^\\s\"<>&]+$/", $tag)) { $url = "mailto:".$tag; } else if (preg_match("/^([-A-Za-z0-9_]+\\.)+[A-Za-z][-A-Za-z0-9_]+$/", $tag)) { $url = "http://".$tag; } elseif (preg_match("/^[A-Za-z0-9]+$/", $tag)) { // it's a Wakka link! if ($_SESSION["linktracking"] && $track) $this->TrackLinkTo($tag); return ($this->LoadPage($tag) ? "href($method, $tag)."\">".$text."" : "".$text."href("edit", $tag)."\">?"); } $tail = ""; // set this to the empty string if you don't like it return $url ? 
"$text$tail" : $text; } %% Change the function **IsWikiName** to %% function IsWikiName($text) { return preg_match("/^[A-Z][a-z]+[A-Z0-9][A-Za-z0-9]*$/", $text); } %% While you're at it, fix the bug with link tracking in headers and footers (these links shouldn't count as back links to a page): %% function Header() { return $this->Action($this->GetConfigValue("header_action"), 0); } function Footer() { return $this->Action($this->GetConfigValue("footer_action"), 0); } %% ---- ==== formatters/wakka.php ==== Make this patch: %%@@ -57,1 +57,1 @@ - return "$url".$matches[2]; + return $wakka->Link($url).$matches[2]; %% ---- ====css/wakka.css==== Add these CSS classes, editing to suit your taste: %%a.ext { color: #933; } .exttail { color: #999; position: relative; bottom: 0.5ex; } %%
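Review bot: `$matches[2]` is still concatenated to the returned markup without escaping after the new `$wakka->Link($url)` call, whereas `Link()` itself runs its text through `htmlspecialchars()`; what `$matches[2]` can contain is decided by the pattern that produced it, which lies outside this hunk, so if it can carry characters taken from the page source it should be escaped the same way, `return $wakka->Link($url).htmlspecialchars($matches[2]);`. The hunk carries no context lines, so the enclosing function starts and ends outside it, and whether `$wakka` is in scope at that point is not visible here either. With `Link()` called without a text argument the displayed link text will be `$url` itself, which is presumably the previous behaviour but worth confirming against the old line.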