clean_url improvements, Hat tip: markjaquith. Reviewed by nbachiyskip. Fixes #7386.
git-svn-id: http://svn.automattic.com/wordpress/trunk@9179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
79656f6382
commit
8663b8e8a4
|
@ -1670,7 +1670,7 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {
|
|||
$original_url = $url;
|
||||
|
||||
if ('' == $url) return $url;
|
||||
$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@()\\x80-\\xff]|i', '', $url);
|
||||
$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$*\'()\\x80-\\xff]|i', '', $url);
|
||||
$strip = array('%0d', '%0a');
|
||||
$url = str_replace($strip, '', $url);
|
||||
$url = str_replace(';//', '://', $url);
|
||||
|
@ -1682,9 +1682,11 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {
|
|||
substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
|
||||
$url = 'http://' . $url;
|
||||
|
||||
// Replace ampersands only when displaying.
|
||||
if ( 'display' == $context )
|
||||
// Replace ampersands and single quotes only when displaying.
|
||||
if ( 'display' == $context ) {
|
||||
$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
|
||||
$url = str_replace( "'", ''', $url );
|
||||
}
|
||||
|
||||
if ( !is_array($protocols) )
|
||||
$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
|
||||
|
|
Loading…
Reference in New Issue