Ticket #17560: 17560.5.diff

File 17560.5.diff, 1.8 KB (added by SergeyBiryukov, 2 years ago)
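--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -3000,4 +3000,23 @@
         return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
 }
 
+/**
+ * Sanitize space or carriage return separated URLs that are used to send trackbacks.
+ *
+ * @since 3.3.0
+ *
+ * @param string $to_ping Space or carriage return separated URLs
+ * @return string URLs starting with the http or https protocol, separated by a carriage return.
+ */
+function sanitize_trackback_urls( $to_ping ) {
+        $urls_to_ping = preg_split( '/\r\n\t /', trim( $to_ping ), -1, PREG_SPLIT_NO_EMPTY );
+        foreach ( $urls_to_ping as $k => $url ) {
+                if ( !preg_match( '#^https?://.#i', $url ) )
+                        unset( $urls_to_ping[$k] );
+        }
+        $urls_to_ping = array_map( 'esc_url_raw', $urls_to_ping );
+        $urls_to_ping = implode( "\n", $urls_to_ping );
+        return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping );
+}
+
 ?>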
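Review bot: The split pattern on new line 3012, `'/\r\n\t /'`, has no character-class brackets, so it matches only the literal sequence CR, LF, tab, space, and a list separated by single spaces or newlines is never split. The whole string is then tested once against `#^https?://.#i`, so only the first entry's scheme is checked and every later entry reaches esc_url_raw as part of one merged value. Use `preg_split( '/[\r\n\t ]/', trim( $to_ping ), -1, PREG_SPLIT_NO_EMPTY )` so each URL is validated on its own. Both call sites added in wp-includes/post.php (new lines 2533 and 3060) inherit this behaviour.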
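--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -2530,7 +2530,7 @@
                 $ping_status = get_option('default_ping_status');
 
         if ( isset($to_ping) )
-                $to_ping = preg_replace('|\s+|', "\n", $to_ping);
+                $to_ping = sanitize_trackback_urls( $to_ping );
         else
                 $to_ping = '';
 
@@ -3057,7 +3057,7 @@
 function get_to_ping($post_id) {
         global $wpdb;
         $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id ));
-        $to_ping = trim($to_ping);
+        $to_ping = sanitize_trackback_urls( $to_ping );
         $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY);
         $to_ping = apply_filters('get_to_ping',  $to_ping);
         return $to_ping;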
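Review bot: The call added at new line 3060 in get_to_ping has no comment saying why the stored value is sanitized again on read when the first hunk already sanitizes it on write. Presumably this covers rows saved before write-time sanitization existed; if so, state it, e.g. `// Stored values may predate write-time sanitization; keep only http(s) URLs on read as well.` The helper returns a newline-joined string that the next line splits again with `'/\s/'`, so the helper's output separator and this split must stay in agreement. get_to_ping's body ends outside the hunk.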