General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds. - Editor: Prevent HTML decoding on by setting the proper editor context. - Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters. - Themes: Ensure a broken theme name is returned properly. - Administration: Add a new filter to extend set-screen-option. Merges [47948-47951] to the 5.2 branch. Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake. Built from https://develop.svn.wordpress.org/branches/5.2@47960 git-svn-id: http://core.svn.wordpress.org/branches/5.2@47732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
ff95ac1af3
commit
0d6541c100
|
@ -3057,7 +3057,7 @@ function edit_form_image_editor( $post ) {
|
|||
}
|
||||
?>
|
||||
</label>
|
||||
<?php wp_editor( $post->post_content, 'attachment_content', $editor_args ); ?>
|
||||
<?php wp_editor( format_to_edit( $post->post_content ), 'attachment_content', $editor_args ); ?>
|
||||
|
||||
</div>
|
||||
<?php
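Review bot: The `format_to_edit()` wrapper on the new `wp_editor()` call has no comment saying why the attachment description is escaped before it reaches the editor, so a later cleanup could drop it as redundant. A short comment inside the PHP tag would record the intent, e.g. `// Pass through format_to_edit() so entities in the stored description are not decoded by the editor.` edit_form_image_editor() starts and ends outside the hunk.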
|
||||
|
|
|
@ -639,6 +639,7 @@ function set_screen_options() {
|
|||
}
|
||||
break;
|
||||
default:
|
||||
if ( '_page' === substr( $option, -5 ) || 'layout_columns' === $option ) {
|
||||
/**
|
||||
* Filters a screen option value before it is set.
|
||||
*
|
||||
|
@ -648,14 +649,36 @@ function set_screen_options() {
|
|||
* Returning false to the filter will skip saving the current option.
|
||||
*
|
||||
* @since 2.8.0
|
||||
* @since 5.4.2 Only applied to options ending with '_page',
|
||||
* or the 'layout_columns' option.
|
||||
*
|
||||
* @see set_screen_options()
|
||||
*
|
||||
* @param bool $keep Whether to save or skip saving the screen option value. Default false.
|
||||
* @param bool $keep Whether to save or skip saving the screen option value.
|
||||
* Default false.
|
||||
* @param string $option The option name.
|
||||
* @param int $value The number of rows to use.
|
||||
*/
|
||||
$value = apply_filters( 'set-screen-option', false, $option, $value );
|
||||
$value = apply_filters( 'set-screen-option', false, $option, $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters a screen option value before it is set.
|
||||
*
|
||||
* The dynamic portion of the hook, `$option`, refers to the option name.
|
||||
*
|
||||
* Returning false to the filter will skip saving the current option.
|
||||
*
|
||||
* @since 5.4.2
|
||||
*
|
||||
* @see set_screen_options()
|
||||
*
|
||||
* @param bool $keep Whether to save or skip saving the screen option value.
|
||||
* Default false.
|
||||
* @param string $option The option name.
|
||||
* @param int $value The number of rows to use.
|
||||
*/
|
||||
$value = apply_filters( "set_screen_option_{$option}", false, $option, $value );
|
||||
|
||||
if ( false === $value ) {
|
||||
return;
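Review bot: The new `set_screen_option_{$option}` call passes a literal `false` as the filtered value, so whatever a legacy `set-screen-option` callback returned in the block above reaches it only as the third argument. That value is discarded unless something is also hooked on the dynamic filter, and the `false === $value` check that follows then returns without saving. Carrying the result through would keep existing `_page` and `layout_columns` callbacks working: `$screen_option = false;` before the `if`, `$screen_option = apply_filters( 'set-screen-option', $screen_option, $option, $value );` inside it, and `$value = apply_filters( "set_screen_option_{$option}", $screen_option, $option, $value );` after it. The `switch` and the rest of set_screen_options() are outside the hunks, so how `$option` is validated before it becomes part of a hook name is not visible here.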
|
||||
|
|
|
@ -396,7 +396,7 @@ if ( ! is_multisite() && current_user_can( 'edit_themes' ) && $broken_themes = w
|
|||
</tr>
|
||||
<?php foreach ( $broken_themes as $broken_theme ) : ?>
|
||||
<tr>
|
||||
<td><?php echo $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : $broken_theme->get_stylesheet(); ?></td>
|
||||
<td><?php echo $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : esc_html( $broken_theme->get_stylesheet() ); ?></td>
|
||||
<td><?php echo $broken_theme->errors()->get_error_message(); ?></td>
|
||||
<?php
|
||||
if ( $can_resume ) {
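Review bot: The next cell, `echo $broken_theme->errors()->get_error_message();`, is still printed unescaped, while the stylesheet fallback beside it now goes through `esc_html()`. Whether those messages can carry text taken from the theme's headers or directory name is not visible in this hunk. If they can, the cell needs escaping at output as well; if the messages are escaped where they are built, a comment saying so, e.g. `// Error messages are escaped when WP_Theme builds them.`, would stop the two cells from looking inconsistent.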
|
||||
|
|
|
@ -80,7 +80,7 @@ function render_block_core_rss( $attributes ) {
|
|||
}
|
||||
|
||||
$classes = 'grid' === $attributes['blockLayout'] ? ' is-grid columns-' . $attributes['columns'] : '';
|
||||
$list_items_markup = "<ul class='wp-block-rss{$classes}'>{$list_items}</ul>";
|
||||
$list_items_markup = sprintf( "<ul class='%s'>%s</ul>", esc_attr( $class ), $list_items );
|
||||
|
||||
// PHP 5.2 compatibility. See: http://simplepie.org/wiki/faq/i_m_getting_memory_leaks.
|
||||
$rss->__destruct();
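Review bot: The new `sprintf()` line reads `$class`, but the line directly above assigns `$classes`, and nothing in the hunk defines `$class`. Unless it is set earlier in render_block_core_rss() (the function starts outside the hunk), the list is rendered with an empty class attribute, loses `wp-block-rss` and the grid classes, and raises an undefined-variable notice. Keeping the escaping while using the existing variable: `$list_items_markup = sprintf( "<ul class='%s'>%s</ul>", esc_attr( 'wp-block-rss' . $classes ), $list_items );`.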
|
||||
|
|
|
@ -46,7 +46,7 @@ function render_block_core_search( $attributes ) {
|
|||
|
||||
return sprintf(
|
||||
'<form class="%s" role="search" method="get" action="%s">%s</form>',
|
||||
$class,
|
||||
esc_attr( $class ),
|
||||
esc_url( home_url( '/' ) ),
|
||||
$label_markup . $input_markup . $button_markup
|
||||
);
|
||||
|
|
|
@ -573,8 +573,8 @@ add_filter( 'the_excerpt_embed', 'wpautop' );
|
|||
add_filter( 'the_excerpt_embed', 'shortcode_unautop' );
|
||||
add_filter( 'the_excerpt_embed', 'wp_embed_excerpt_attachment' );
|
||||
|
||||
add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 5, 3 );
|
||||
add_filter( 'oembed_dataparse', 'wp_filter_oembed_result', 10, 3 );
|
||||
add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 20, 3 );
|
||||
add_filter( 'oembed_response_data', 'get_oembed_response_data_rich', 10, 4 );
|
||||
add_filter( 'pre_oembed_result', 'wp_filter_pre_oembed_result', 10, 3 );
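Review bot: Moving `wp_filter_oembed_iframe_title_attribute` from priority 5 to 20 makes its position relative to `wp_filter_oembed_result` (priority 10) load-bearing, but nothing on these lines says so. A comment above the registration would keep a later reorder from undoing it, e.g. `// Must run after wp_filter_oembed_result() so the title is applied to the already-filtered markup.`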
|
||||
|
||||
|
|
|
@ -797,11 +797,24 @@ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) {
|
|||
|
||||
$title = ! empty( $data->title ) ? $data->title : '';
|
||||
|
||||
$pattern = '`<iframe[^>]*?title=(\\\\\'|\\\\"|[\'"])([^>]*?)\1`i';
|
||||
$has_title_attr = preg_match( $pattern, $result, $matches );
|
||||
$pattern = '`<iframe([^>]*)>`i';
|
||||
if ( preg_match( $pattern, $result, $matches ) ) {
|
||||
$attrs = wp_kses_hair( $matches[1], wp_allowed_protocols() );
|
||||
|
||||
if ( $has_title_attr && ! empty( $matches[2] ) ) {
|
||||
$title = $matches[2];
|
||||
foreach ( $attrs as $attr => $item ) {
|
||||
$lower_attr = strtolower( $attr );
|
||||
if ( $lower_attr === $attr ) {
|
||||
continue;
|
||||
}
|
||||
if ( ! isset( $attrs[ $lower_attr ] ) ) {
|
||||
$attrs[ $lower_attr ] = $item;
|
||||
unset( $attrs[ $attr ] );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! empty( $attrs['title']['value'] ) ) {
|
||||
$title = $attrs['title']['value'];
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -820,11 +833,11 @@ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) {
|
|||
return $result;
|
||||
}
|
||||
|
||||
if ( $has_title_attr ) {
|
||||
// Remove the old title, $matches[1]: quote, $matches[2]: title attribute value.
|
||||
$result = str_replace( ' title=' . $matches[1] . $matches[2] . $matches[1], '', $result );
|
||||
if ( isset( $attrs['title'] ) ) {
|
||||
unset( $attrs['title'] );
|
||||
$attr_string = join( ' ', wp_list_pluck( $attrs, 'whole' ) );
|
||||
$result = str_replace( $matches[0], '<iframe ' . trim( $attr_string ) . '>', $result );
|
||||
}
|
||||
|
||||
return str_ireplace( '<iframe ', sprintf( '<iframe title="%s" ', esc_attr( $title ) ), $result );
|
||||
}
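Review bot: `$attrs` is assigned only inside the `if ( preg_match( $pattern, $result, $matches ) )` branch, yet it is read by the `! empty( $attrs['title']['value'] )` and `isset( $attrs['title'] )` checks after it. This works only because empty() and isset() tolerate an undefined variable; initialising it before the match, `$attrs = array();`, makes the no-iframe path explicit. Separately, preg_match() inspects only the first `<iframe>`, while the closing `str_ireplace()` adds a title to every `<iframe ` in `$result`, so a second iframe that carries its own title would end up with two. Whether multi-iframe results can reach this filter is not visible here. The function body starts and ends outside the two hunks.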
|
||||
|
||||
|
|
|
@ -90,157 +90,182 @@ this["wp"] = this["wp"] || {}; this["wp"]["i18n"] =
|
|||
/***/ 137:
|
||||
/***/ (function(module, exports, __webpack_require__) {
|
||||
|
||||
(function(window) {
|
||||
var __WEBPACK_AMD_DEFINE_RESULT__;/* global window, exports, define */
|
||||
|
||||
!function() {
|
||||
'use strict'
|
||||
|
||||
var re = {
|
||||
not_string: /[^s]/,
|
||||
not_bool: /[^t]/,
|
||||
not_type: /[^T]/,
|
||||
not_primitive: /[^v]/,
|
||||
number: /[diefg]/,
|
||||
numeric_arg: /[bcdiefguxX]/,
|
||||
json: /[j]/,
|
||||
not_json: /[^j]/,
|
||||
text: /^[^\x25]+/,
|
||||
modulo: /^\x25{2}/,
|
||||
placeholder: /^\x25(?:([1-9]\d*)\$|\(([^\)]+)\))?(\+)?(0|'[^$])?(-)?(\d+)?(?:\.(\d+))?([b-gijosuxX])/,
|
||||
placeholder: /^\x25(?:([1-9]\d*)\$|\(([^)]+)\))?(\+)?(0|'[^$])?(-)?(\d+)?(?:\.(\d+))?([b-gijostTuvxX])/,
|
||||
key: /^([a-z_][a-z_\d]*)/i,
|
||||
key_access: /^\.([a-z_][a-z_\d]*)/i,
|
||||
index_access: /^\[(\d+)\]/,
|
||||
sign: /^[\+\-]/
|
||||
sign: /^[+-]/
|
||||
}
|
||||
|
||||
function sprintf() {
|
||||
var key = arguments[0], cache = sprintf.cache
|
||||
if (!(cache[key] && cache.hasOwnProperty(key))) {
|
||||
cache[key] = sprintf.parse(key)
|
||||
}
|
||||
return sprintf.format.call(null, cache[key], arguments)
|
||||
function sprintf(key) {
|
||||
// `arguments` is not an array, but should be fine for this call
|
||||
return sprintf_format(sprintf_parse(key), arguments)
|
||||
}
|
||||
|
||||
sprintf.format = function(parse_tree, argv) {
|
||||
var cursor = 1, tree_length = parse_tree.length, node_type = "", arg, output = [], i, k, match, pad, pad_character, pad_length, is_positive = true, sign = ""
|
||||
function vsprintf(fmt, argv) {
|
||||
return sprintf.apply(null, [fmt].concat(argv || []))
|
||||
}
|
||||
|
||||
function sprintf_format(parse_tree, argv) {
|
||||
var cursor = 1, tree_length = parse_tree.length, arg, output = '', i, k, ph, pad, pad_character, pad_length, is_positive, sign
|
||||
for (i = 0; i < tree_length; i++) {
|
||||
node_type = get_type(parse_tree[i])
|
||||
if (node_type === "string") {
|
||||
output[output.length] = parse_tree[i]
|
||||
if (typeof parse_tree[i] === 'string') {
|
||||
output += parse_tree[i]
|
||||
}
|
||||
else if (node_type === "array") {
|
||||
match = parse_tree[i] // convenience purposes only
|
||||
if (match[2]) { // keyword argument
|
||||
else if (typeof parse_tree[i] === 'object') {
|
||||
ph = parse_tree[i] // convenience purposes only
|
||||
if (ph.keys) { // keyword argument
|
||||
arg = argv[cursor]
|
||||
for (k = 0; k < match[2].length; k++) {
|
||||
if (!arg.hasOwnProperty(match[2][k])) {
|
||||
throw new Error(sprintf("[sprintf] property '%s' does not exist", match[2][k]))
|
||||
for (k = 0; k < ph.keys.length; k++) {
|
||||
if (arg == undefined) {
|
||||
throw new Error(sprintf('[sprintf] Cannot access property "%s" of undefined value "%s"', ph.keys[k], ph.keys[k-1]))
|
||||
}
|
||||
arg = arg[match[2][k]]
|
||||
arg = arg[ph.keys[k]]
|
||||
}
|
||||
}
|
||||
else if (match[1]) { // positional argument (explicit)
|
||||
arg = argv[match[1]]
|
||||
else if (ph.param_no) { // positional argument (explicit)
|
||||
arg = argv[ph.param_no]
|
||||
}
|
||||
else { // positional argument (implicit)
|
||||
arg = argv[cursor++]
|
||||
}
|
||||
|
||||
if (get_type(arg) == "function") {
|
||||
if (re.not_type.test(ph.type) && re.not_primitive.test(ph.type) && arg instanceof Function) {
|
||||
arg = arg()
|
||||
}
|
||||
|
||||
if (re.not_string.test(match[8]) && re.not_json.test(match[8]) && (get_type(arg) != "number" && isNaN(arg))) {
|
||||
throw new TypeError(sprintf("[sprintf] expecting number but found %s", get_type(arg)))
|
||||
if (re.numeric_arg.test(ph.type) && (typeof arg !== 'number' && isNaN(arg))) {
|
||||
throw new TypeError(sprintf('[sprintf] expecting number but found %T', arg))
|
||||
}
|
||||
|
||||
if (re.number.test(match[8])) {
|
||||
if (re.number.test(ph.type)) {
|
||||
is_positive = arg >= 0
|
||||
}
|
||||
|
||||
switch (match[8]) {
|
||||
case "b":
|
||||
arg = arg.toString(2)
|
||||
switch (ph.type) {
|
||||
case 'b':
|
||||
arg = parseInt(arg, 10).toString(2)
|
||||
break
|
||||
case "c":
|
||||
arg = String.fromCharCode(arg)
|
||||
case 'c':
|
||||
arg = String.fromCharCode(parseInt(arg, 10))
|
||||
break
|
||||
case "d":
|
||||
case "i":
|
||||
case 'd':
|
||||
case 'i':
|
||||
arg = parseInt(arg, 10)
|
||||
break
|
||||
case "j":
|
||||
arg = JSON.stringify(arg, null, match[6] ? parseInt(match[6]) : 0)
|
||||
case 'j':
|
||||
arg = JSON.stringify(arg, null, ph.width ? parseInt(ph.width) : 0)
|
||||
break
|
||||
case "e":
|
||||
arg = match[7] ? arg.toExponential(match[7]) : arg.toExponential()
|
||||
case 'e':
|
||||
arg = ph.precision ? parseFloat(arg).toExponential(ph.precision) : parseFloat(arg).toExponential()
|
||||
break
|
||||
case "f":
|
||||
arg = match[7] ? parseFloat(arg).toFixed(match[7]) : parseFloat(arg)
|
||||
case 'f':
|
||||
arg = ph.precision ? parseFloat(arg).toFixed(ph.precision) : parseFloat(arg)
|
||||
break
|
||||
case "g":
|
||||
arg = match[7] ? parseFloat(arg).toPrecision(match[7]) : parseFloat(arg)
|
||||
case 'g':
|
||||
arg = ph.precision ? String(Number(arg.toPrecision(ph.precision))) : parseFloat(arg)
|
||||
break
|
||||
case "o":
|
||||
arg = arg.toString(8)
|
||||
case 'o':
|
||||
arg = (parseInt(arg, 10) >>> 0).toString(8)
|
||||
break
|
||||
case "s":
|
||||
arg = ((arg = String(arg)) && match[7] ? arg.substring(0, match[7]) : arg)
|
||||
case 's':
|
||||
arg = String(arg)
|
||||
arg = (ph.precision ? arg.substring(0, ph.precision) : arg)
|
||||
break
|
||||
case "u":
|
||||
arg = arg >>> 0
|
||||
case 't':
|
||||
arg = String(!!arg)
|
||||
arg = (ph.precision ? arg.substring(0, ph.precision) : arg)
|
||||
break
|
||||
case "x":
|
||||
arg = arg.toString(16)
|
||||
case 'T':
|
||||
arg = Object.prototype.toString.call(arg).slice(8, -1).toLowerCase()
|
||||
arg = (ph.precision ? arg.substring(0, ph.precision) : arg)
|
||||
break
|
||||
case "X":
|
||||
arg = arg.toString(16).toUpperCase()
|
||||
case 'u':
|
||||
arg = parseInt(arg, 10) >>> 0
|
||||
break
|
||||
case 'v':
|
||||
arg = arg.valueOf()
|
||||
arg = (ph.precision ? arg.substring(0, ph.precision) : arg)
|
||||
break
|
||||
case 'x':
|
||||
arg = (parseInt(arg, 10) >>> 0).toString(16)
|
||||
break
|
||||
case 'X':
|
||||
arg = (parseInt(arg, 10) >>> 0).toString(16).toUpperCase()
|
||||
break
|
||||
}
|
||||
if (re.json.test(match[8])) {
|
||||
output[output.length] = arg
|
||||
if (re.json.test(ph.type)) {
|
||||
output += arg
|
||||
}
|
||||
else {
|
||||
if (re.number.test(match[8]) && (!is_positive || match[3])) {
|
||||
sign = is_positive ? "+" : "-"
|
||||
arg = arg.toString().replace(re.sign, "")
|
||||
if (re.number.test(ph.type) && (!is_positive || ph.sign)) {
|
||||
sign = is_positive ? '+' : '-'
|
||||
arg = arg.toString().replace(re.sign, '')
|
||||
}
|
||||
else {
|
||||
sign = ""
|
||||
sign = ''
|
||||
}
|
||||
pad_character = match[4] ? match[4] === "0" ? "0" : match[4].charAt(1) : " "
|
||||
pad_length = match[6] - (sign + arg).length
|
||||
pad = match[6] ? (pad_length > 0 ? str_repeat(pad_character, pad_length) : "") : ""
|
||||
output[output.length] = match[5] ? sign + arg + pad : (pad_character === "0" ? sign + pad + arg : pad + sign + arg)
|
||||
pad_character = ph.pad_char ? ph.pad_char === '0' ? '0' : ph.pad_char.charAt(1) : ' '
|
||||
pad_length = ph.width - (sign + arg).length
|
||||
pad = ph.width ? (pad_length > 0 ? pad_character.repeat(pad_length) : '') : ''
|
||||
output += ph.align ? sign + arg + pad : (pad_character === '0' ? sign + pad + arg : pad + sign + arg)
|
||||
}
|
||||
}
|
||||
}
|
||||
return output.join("")
|
||||
return output
|
||||
}
|
||||
|
||||
sprintf.cache = {}
|
||||
var sprintf_cache = Object.create(null)
|
||||
|
||||
sprintf.parse = function(fmt) {
|
||||
var _fmt = fmt, match = [], parse_tree = [], arg_names = 0
|
||||
function sprintf_parse(fmt) {
|
||||
if (sprintf_cache[fmt]) {
|
||||
return sprintf_cache[fmt]
|
||||
}
|
||||
|
||||
var _fmt = fmt, match, parse_tree = [], arg_names = 0
|
||||
while (_fmt) {
|
||||
if ((match = re.text.exec(_fmt)) !== null) {
|
||||
parse_tree[parse_tree.length] = match[0]
|
||||
parse_tree.push(match[0])
|
||||
}
|
||||
else if ((match = re.modulo.exec(_fmt)) !== null) {
|
||||
parse_tree[parse_tree.length] = "%"
|
||||
parse_tree.push('%')
|
||||
}
|
||||
else if ((match = re.placeholder.exec(_fmt)) !== null) {
|
||||
if (match[2]) {
|
||||
arg_names |= 1
|
||||
var field_list = [], replacement_field = match[2], field_match = []
|
||||
if ((field_match = re.key.exec(replacement_field)) !== null) {
|
||||
field_list[field_list.length] = field_match[1]
|
||||
while ((replacement_field = replacement_field.substring(field_match[0].length)) !== "") {
|
||||
field_list.push(field_match[1])
|
||||
while ((replacement_field = replacement_field.substring(field_match[0].length)) !== '') {
|
||||
if ((field_match = re.key_access.exec(replacement_field)) !== null) {
|
||||
field_list[field_list.length] = field_match[1]
|
||||
field_list.push(field_match[1])
|
||||
}
|
||||
else if ((field_match = re.index_access.exec(replacement_field)) !== null) {
|
||||
field_list[field_list.length] = field_match[1]
|
||||
field_list.push(field_match[1])
|
||||
}
|
||||
else {
|
||||
throw new SyntaxError("[sprintf] failed to parse named argument key")
|
||||
throw new SyntaxError('[sprintf] failed to parse named argument key')
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
throw new SyntaxError("[sprintf] failed to parse named argument key")
|
||||
throw new SyntaxError('[sprintf] failed to parse named argument key')
|
||||
}
|
||||
match[2] = field_list
|
||||
}
|
||||
|
@ -248,44 +273,55 @@ this["wp"] = this["wp"] || {}; this["wp"]["i18n"] =
|
|||
arg_names |= 2
|
||||
}
|
||||
if (arg_names === 3) {
|
||||
throw new Error("[sprintf] mixing positional and named placeholders is not (yet) supported")
|
||||
throw new Error('[sprintf] mixing positional and named placeholders is not (yet) supported')
|
||||
}
|
||||
parse_tree[parse_tree.length] = match
|
||||
|
||||
parse_tree.push(
|
||||
{
|
||||
placeholder: match[0],
|
||||
param_no: match[1],
|
||||
keys: match[2],
|
||||
sign: match[3],
|
||||
pad_char: match[4],
|
||||
align: match[5],
|
||||
width: match[6],
|
||||
precision: match[7],
|
||||
type: match[8]
|
||||
}
|
||||
)
|
||||
}
|
||||
else {
|
||||
throw new SyntaxError("[sprintf] unexpected placeholder")
|
||||
throw new SyntaxError('[sprintf] unexpected placeholder')
|
||||
}
|
||||
_fmt = _fmt.substring(match[0].length)
|
||||
}
|
||||
return parse_tree
|
||||
}
|
||||
|
||||
var vsprintf = function(fmt, argv, _argv) {
|
||||
_argv = (argv || []).slice(0)
|
||||
_argv.splice(0, 0, fmt)
|
||||
return sprintf.apply(null, _argv)
|
||||
}
|
||||
|
||||
/**
|
||||
* helpers
|
||||
*/
|
||||
function get_type(variable) {
|
||||
return Object.prototype.toString.call(variable).slice(8, -1).toLowerCase()
|
||||
}
|
||||
|
||||
function str_repeat(input, multiplier) {
|
||||
return Array(multiplier + 1).join(input)
|
||||
return sprintf_cache[fmt] = parse_tree
|
||||
}
|
||||
|
||||
/**
|
||||
* export to either browser or node.js
|
||||
*/
|
||||
/* eslint-disable quote-props */
|
||||
if (true) {
|
||||
exports.sprintf = sprintf
|
||||
exports.vsprintf = vsprintf
|
||||
exports['sprintf'] = sprintf
|
||||
exports['vsprintf'] = vsprintf
|
||||
}
|
||||
else {}
|
||||
})(typeof window === "undefined" ? this : window);
|
||||
if (typeof window !== 'undefined') {
|
||||
window['sprintf'] = sprintf
|
||||
window['vsprintf'] = vsprintf
|
||||
|
||||
if (true) {
|
||||
!(__WEBPACK_AMD_DEFINE_RESULT__ = (function() {
|
||||
return {
|
||||
'sprintf': sprintf,
|
||||
'vsprintf': vsprintf
|
||||
}
|
||||
}).call(exports, __webpack_require__, exports, module),
|
||||
__WEBPACK_AMD_DEFINE_RESULT__ !== undefined && (module.exports = __WEBPACK_AMD_DEFINE_RESULT__))
|
||||
}
|
||||
}
|
||||
/* eslint-enable quote-props */
|
||||
}(); // eslint-disable-line
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
@ -767,7 +803,7 @@ Tannin.prototype.dcnpgettext = function( domain, context, singular, plural, n )
|
|||
var memize = __webpack_require__(41);
|
||||
var memize_default = /*#__PURE__*/__webpack_require__.n(memize);
|
||||
|
||||
// EXTERNAL MODULE: ./node_modules/sprintf-js/src/sprintf.js
|
||||
// EXTERNAL MODULE: ./node_modules/@wordpress/i18n/node_modules/sprintf-js/src/sprintf.js
|
||||
var sprintf = __webpack_require__(137);
|
||||
var sprintf_default = /*#__PURE__*/__webpack_require__.n(sprintf);
|
||||
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -1374,9 +1374,9 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
|
|||
* @return string redirect-sanitized URL
|
||||
*/
|
||||
function wp_validate_redirect( $location, $default = '' ) {
|
||||
$location = trim( $location, " \t\n\r\0\x08\x0B" );
|
||||
// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
|
||||
if ( substr( $location, 0, 2 ) == '//' ) {
|
||||
$location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
|
||||
// Browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'.
|
||||
if ( '//' === substr( $location, 0, 2 ) ) {
|
||||
$location = 'http:' . $location;
|
||||
}
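Review bot: Nothing on the new first line says that the call order matters: `wp_sanitize_redirect()` has to run before the `'//' === substr( $location, 0, 2 )` test, presumably because characters it strips could otherwise hide a scheme-relative prefix from that test. A comment above the assignment would pin this down, e.g. `// Sanitize first so the checks below see the same string that will be sent in the Location header.` The rest of wp_validate_redirect() is outside the hunk.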
|
||||
|
||||
|
|