Add sanitize_url. Don't convert ampersands in URLs when saving to DB. fixes #4411 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@6182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
f3e26c6d98
commit
5300ef20cf
|
@ -25,9 +25,18 @@ foreach ( $filters as $filter ) {
|
||||||
add_filter($filter, 'wp_filter_kses');
|
add_filter($filter, 'wp_filter_kses');
|
||||||
}
|
}
|
||||||
|
|
||||||
// URL
|
// Save URL
|
||||||
$filters = array('pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_link_image',
|
$filters = array('pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_link_image',
|
||||||
'pre_link_rss', 'comment_url');
|
'pre_link_rss');
|
||||||
|
foreach ( $filters as $filter ) {
|
||||||
|
add_filter($filter, 'strip_tags');
|
||||||
|
add_filter($filter, 'trim');
|
||||||
|
add_filter($filter, 'sanitize_url');
|
||||||
|
add_filter($filter, 'wp_filter_kses');
|
||||||
|
}
|
||||||
|
|
||||||
|
// Display URL
|
||||||
|
$filters = array('user_url', 'link_url', 'link_image', 'link_rss', 'comment_url');
|
||||||
foreach ( $filters as $filter ) {
|
foreach ( $filters as $filter ) {
|
||||||
add_filter($filter, 'strip_tags');
|
add_filter($filter, 'strip_tags');
|
||||||
add_filter($filter, 'trim');
|
add_filter($filter, 'trim');
|
||||||
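Review bot: In the new save loop `wp_filter_kses` is still registered after `sanitize_url`, so the value that reaches the database is whatever kses returns, not what `sanitize_url` returns. If kses normalises entities on this path, a bare `&` in a query string would be encoded again and the commit's stated goal would not hold; running a URL such as `http://example.test/?a=1&b=2` (constructed sample) through `pre_comment_author_url` would settle it. A one-line comment above the two lists would also help, e.g. `// pre_* filters run before the value is stored; the unprefixed ones run on output`. The display loop continues past the end of the hunk, so the rest of its filters cannot be checked from here.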
|
|
|
@ -1087,7 +1087,7 @@ function wp_richedit_pre($text) {
|
||||||
return apply_filters('richedit_pre', $output);
|
return apply_filters('richedit_pre', $output);
|
||||||
}
|
}
|
||||||
|
|
||||||
function clean_url( $url, $protocols = null ) {
|
function clean_url( $url, $protocols = null, $context = 'display' ) {
|
||||||
$original_url = $url;
|
$original_url = $url;
|
||||||
|
|
||||||
if ('' == $url) return $url;
|
if ('' == $url) return $url;
|
||||||
|
@ -1103,13 +1103,20 @@ function clean_url( $url, $protocols = null ) {
|
||||||
substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
|
substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
|
||||||
$url = 'http://' . $url;
|
$url = 'http://' . $url;
|
||||||
|
|
||||||
$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
|
// Replace ampersands ony when displaying.
|
||||||
|
if ( 'display' == $context )
|
||||||
|
$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
|
||||||
|
|
||||||
if ( !is_array($protocols) )
|
if ( !is_array($protocols) )
|
||||||
$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
|
$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
|
||||||
if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
|
if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
|
||||||
return '';
|
return '';
|
||||||
|
|
||||||
return apply_filters('clean_url', $url, $original_url);
|
return apply_filters('clean_url', $url, $original_url, $context);
|
||||||
|
}
|
||||||
|
|
||||||
|
function sanitize_url( $url, $protocols = null ) {
|
||||||
|
return clean_url( $url, $protocols, 'db');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Borrowed from the PHP Manual user notes. Convert entities, while
|
// Borrowed from the PHP Manual user notes. Convert entities, while
|
||||||
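Review bot: `clean_url()` treats every `$context` value other than the string `'display'` as a storage context, so a misspelled or unexpected value silently skips the ampersand encoding, and neither the new parameter nor `sanitize_url()` is documented. I would add a comment above `sanitize_url` such as `// Sanitize a URL for storage. The result is NOT entity-encoded; pass it through clean_url() before printing it in HTML.` and one on `clean_url` listing the two accepted contexts. The `wp_kses_bad_protocol` check still runs in both contexts, which is the part that matters for stored values. The added comment in the second hunk has a typo (`ony`). clean_url's body is split across the two hunks and part of it is not shown.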
|
|
|
@ -1001,7 +1001,7 @@ function wp_widget_rss_control($number) {
|
||||||
$options = $newoptions = get_option('widget_rss');
|
$options = $newoptions = get_option('widget_rss');
|
||||||
if ( $_POST["rss-submit-$number"] ) {
|
if ( $_POST["rss-submit-$number"] ) {
|
||||||
$newoptions[$number]['items'] = (int) $_POST["rss-items-$number"];
|
$newoptions[$number]['items'] = (int) $_POST["rss-items-$number"];
|
||||||
$url = clean_url(strip_tags(stripslashes($_POST["rss-url-$number"])));
|
$url = sanitize_url(strip_tags(stripslashes($_POST["rss-url-$number"])));
|
||||||
$newoptions[$number]['title'] = trim(strip_tags(stripslashes($_POST["rss-title-$number"])));
|
$newoptions[$number]['title'] = trim(strip_tags(stripslashes($_POST["rss-title-$number"])));
|
||||||
if ( $url !== $options[$number]['url'] ) {
|
if ( $url !== $options[$number]['url'] ) {
|
||||||
require_once(ABSPATH . WPINC . '/rss.php');
|
require_once(ABSPATH . WPINC . '/rss.php');
|
||||||
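Review bot: With `sanitize_url()` the feed URL is now stored with raw ampersands, so every place that prints `$options[$number]['url']` into the widget form or the page has to escape it at output time, for example through `clean_url()`. Those output lines are outside this hunk and should be checked as part of the change. The URL also comes straight from `$_POST` and is accepted against the default protocol list, which includes `mailto`, `telnet` and `irc`. Since it appears to be fetched as a feed after the `require_once` of rss.php, passing an explicit list as the second argument, e.g. `sanitize_url($raw, array('http', 'https'))`, would be tighter. wp_widget_rss_control starts and ends outside the hunk.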
|
|