WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Introduce wp_allowed_protocols() for use in wp_kses() and esc_url(). See #18268. 

This allows plugins to filter the list of protocols used for esc_url() too, and helps us keep the list of protocols in sync.


git-svn-id: http://svn.automattic.com/wordpress/trunk@18826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
duck_ 2011-09-29 22:33:51 +00:00
parent fda510aca1
commit 4171ea192b
3 changed files with 23 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/formatting.php
View File

@ -2299,8 +2299,8 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
$url = str_replace( "'", ''', $url );
}
if ( !is_array($protocols) )
$protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn');
if ( ! is_array( $protocols ) )
$protocols = wp_allowed_protocols();
if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
return '';

20
wp-includes/functions.php
View File

@ -4610,4 +4610,24 @@ function send_frame_options_header() {
@header( 'X-Frame-Options: SAMEORIGIN' );
}
/**
* Retrieve a list of protocols to allow in HTML attributes.
*
* @since 3.3.0
* @see wp_kses()
* @see esc_url()
*
* @return array Array of allowed protocols
*/
function wp_allowed_protocols() {
static $protocols;
if ( empty( $protocols ) ) {
$protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' );
$protocols = apply_filters( 'kses_allowed_protocols', $protocols );
}
return $protocols;
}
?>

2
wp-includes/kses.php
View File

@ -500,7 +500,7 @@ if ( ! CUSTOM_TAGS ) {
* @return string Filtered content with only allowed HTML elements
*/
function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {
$allowed_protocols = wp_parse_args( $allowed_protocols, apply_filters('kses_allowed_protocols', array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn') ));
$allowed_protocols = wp_parse_args( $allowed_protocols, wp_allowed_protocols() );
$string = wp_kses_no_null($string);
$string = wp_kses_js_entities($string);
$string = wp_kses_normalize_entities($string);