Ticket #17560: 17560.first.diff

File 17560.first.diff, 1.4 KB (added by xknown, 4 years ago)

Introduce sanitize_trackback_urls function. I only consider http and https as the protocols that allow trackbacks.

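--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2902,4 +2902,22 @@
         return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
 }
 
+/**
+ * Sanitize space or carriage return separated urls that are used to send trackbacks.
+ *
+ * @since 3.2.0
+ *
+ * @param string $to_ping Space or carriage return separated urls
+ * @return string Urls starting with the http or https protocol, separated by a carriage return.
+ */
+function sanitize_trackback_urls( $to_ping ) {
+    $urls_to_ping = preg_split('/\s|\n/', $to_ping, -1, PREG_SPLIT_NO_EMPTY);
+    foreach( $urls_to_ping as $k => $url ) {
+        if ( !preg_match('#^https?://.#i', $url) )
+            unset($urls_to_ping[$k]);
+    }
+        $sani_to_ping = implode( "\n", $urls_to_ping );
+        return apply_filters( 'sanitize_trackback_urls', $sani_to_ping, $to_ping );
+}
+
 ?>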
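Review bot: The check in `sanitize_trackback_urls()` (new line 2916) only tests that an entry begins with `http://` or `https://` followed by one character, so everything after the scheme is kept unvalidated and unescaped. These values are presumably stored and later requested by the server when pings are sent, so I would pass each surviving entry through the existing URL sanitiser, e.g. `$urls_to_ping[$k] = esc_url_raw( $url, array( 'http', 'https' ) );`, and unset entries that come back empty. Two smaller points: `\s` already matches `\n`, so the split pattern can be `/\s+/`, and the docblock says "carriage return" where the code joins with a line feed (`"\n"`).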
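--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -2519,7 +2519,7 @@
                 $ping_status = get_option('default_ping_status');
 
         if ( isset($to_ping) )
-                $to_ping = preg_replace('|\s+|', "\n", $to_ping);
+                $to_ping = sanitize_trackback_urls( $to_ping );
         else
                 $to_ping = '';
 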
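Review bot: The guard on line 2521 only checks `isset($to_ping)`, but `sanitize_trackback_urls()` hands the value to `preg_split()`, which requires a string, whereas the removed `preg_replace()` call also accepted an array. If a caller can supply a non-string here (not visible from this hunk), the new path raises warnings and stores an unintended value, so consider `if ( isset($to_ping) && is_string($to_ping) )`. Entries without an http/https scheme are now dropped silently rather than just whitespace-normalised, which deserves a sentence in the function's docblock. The enclosing function starts and ends outside the hunk.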