
Ticket #10914: 10914-3.diff

File 10914-3.diff, 2.0 KB (added by technosailor, 5 years ago)

Same as 19914-2.diff except it uses the same array of default protocols in formatting.php:esc_url()

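--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2214,7 +2214,7 @@
         }
 
         if ( !is_array($protocols) )
-                $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
+                $protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn');
         if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
                 return '';
 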
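Review bot: The widened default list in the `!is_array($protocols)` branch is a second hard-coded copy of the array that the kses.php part of this patch passes through the `kses_allowed_protocols` filter, so a site that uses that filter to narrow the allowed schemes would still have this function accept the full literal set. Building the default the same way, `$protocols = apply_filters( 'kses_allowed_protocols', array( ... ) );`, or reading it from one shared helper, would keep the two allowlists from drifting apart. A short comment saying why `mms`, `rtsp` and `svn` are acceptable in URLs escaped for untrusted input would also help the next reader. The enclosing function starts and ends outside this hunk.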
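--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -480,9 +480,9 @@
  * call this function.
  *
  * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
- * 'irc', 'gopher', 'nntp', 'feed', and finally 'telnet. This covers all common
- * link protocols, except for 'javascript' which should not be allowed for
- * untrusted users.
+ * 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This
+ * covers all common link protocols, except for 'javascript' which should not
+ * be allowed for untrusted users.
  *
  * @since 1.0.0
  *
@@ -491,7 +491,8 @@
  * @param array $allowed_protocols Optional. Allowed protocol in links.
  * @return string Filtered content with only allowed HTML elements
  */
-function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet')) {
+function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {
+        $allowed_protocols = wp_parse_args( $allowed_protocols, apply_filters('kses_allowed_protocols', array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn') ));
         $string = wp_kses_no_null($string);
         $string = wp_kses_js_entities($string);
         $string = wp_kses_normalize_entities($string);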
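Review bot: The new first line of `wp_kses()` means a caller can no longer narrow the protocol list: `wp_parse_args()`, as far as I know, merges its arguments over the defaults with `array_merge()`, and for two numerically indexed lists that appends rather than replaces, so a caller passing `array('http', 'https')` ends up allowing every default scheme as well. That silently widens the allowlist for existing callers that pass a restricted set. Use the defaults only when nothing was passed, e.g. `if ( empty( $allowed_protocols ) )` followed by `$allowed_protocols = apply_filters( 'kses_allowed_protocols', array( ... ) );`. The docblock in the first hunk should also mention the new filter, and `'telnet,` there is missing its closing quote. The body of `wp_kses()` continues past the end of the hunk.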