
Ticket #17560: 17560.5.diff

File 17560.5.diff, 1.8 KB (added by SergeyBiryukov, 7 years ago)
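--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -3000,4 +3000,23 @@
         return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
 }
 
+/**
+ * Sanitize space or carriage return separated URLs that are used to send trackbacks.
+ *
+ * @since 3.3.0
+ *
+ * @param string $to_ping Space or carriage return separated URLs
+ * @return string URLs starting with the http or https protocol, separated by a carriage return.
+ */
+function sanitize_trackback_urls( $to_ping ) {
+        $urls_to_ping = preg_split( '/\r\n\t /', trim( $to_ping ), -1, PREG_SPLIT_NO_EMPTY );
+        foreach ( $urls_to_ping as $k => $url ) {
+                if ( !preg_match( '#^https?://.#i', $url ) )
+                        unset( $urls_to_ping[$k] );
+        }
+        $urls_to_ping = array_map( 'esc_url_raw', $urls_to_ping );
+        $urls_to_ping = implode( "\n", $urls_to_ping );
+        return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping );
+}
+
 ?>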
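Review bot: The pattern `'/\r\n\t /'` passed to `preg_split()` in `sanitize_trackback_urls()` matches only the literal four-character sequence CR, LF, TAB, SPACE, not any single one of those separators, so a space- or newline-separated list is never split. The `#^https?://.#i` check then runs once against the whole string, which means only the first entry's scheme is validated and everything after it is handed to `esc_url_raw` as part of the same value. Use a character class instead: `$urls_to_ping = preg_split( '/[\r\n\t ]/', trim( $to_ping ), -1, PREG_SPLIT_NO_EMPTY );`. The docblock also says the result is separated by a carriage return, while the code joins with `"\n"` (a line feed); the `@return` text should say "line feed" or "newline".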
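--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -2530,7 +2530,7 @@
                 $ping_status = get_option('default_ping_status');
 
         if ( isset($to_ping) )
-                $to_ping = preg_replace('|\s+|', "\n", $to_ping);
+                $to_ping = sanitize_trackback_urls( $to_ping );
         else
                 $to_ping = '';
 
@@ -3057,7 +3057,7 @@
 function get_to_ping($post_id) {
         global $wpdb;
         $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id ));
-        $to_ping = trim($to_ping);
+        $to_ping = sanitize_trackback_urls( $to_ping );
         $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY);
         $to_ping = apply_filters('get_to_ping',  $to_ping);
         return $to_ping;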
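Review bot: The `sanitize_trackback_urls( $to_ping )` call in `get_to_ping()` has no comment explaining why the value is validated again on read, and without one it looks redundant next to the write-side call in the first hunk. Presumably it is there to cover `to_ping` values stored before this change or written by code paths that bypass the insert logic; if so, say it, e.g. `// Re-validate on read: stored to_ping may predate write-side sanitization.` The same comment should note that the `get_to_ping` filter runs after this check, so URLs added by a filter callback are not validated here. `get_to_ping()` continues past the end of the hunk.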