
Ticket #17560: 17560.first.diff

File 17560.first.diff, 1.4 KB (added by xknown, 7 years ago)

Introduce sanitize_trackback_urls function. I only consider http and https as the protocols that allow trackbacks.

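--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2902,4 +2902,22 @@
         return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
 }
 
+/**
+ * Sanitize space or carriage return separated urls that are used to send trackbacks.
+ *
+ * @since 3.2.0
+ *
+ * @param string $to_ping Space or carriage return separated urls
+ * @return string Urls starting with the http or https protocol, separated by a carriage return.
+ */
+function sanitize_trackback_urls( $to_ping ) {
+    $urls_to_ping = preg_split('/\s|\n/', $to_ping, -1, PREG_SPLIT_NO_EMPTY);
+    foreach( $urls_to_ping as $k => $url ) {
+        if ( !preg_match('#^https?://.#i', $url) )
+            unset($urls_to_ping[$k]);
+    }
+        $sani_to_ping = implode( "\n", $urls_to_ping );
+        return apply_filters( 'sanitize_trackback_urls', $sani_to_ping, $to_ping );
+}
+
 ?>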
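Review bot: The check in `sanitize_trackback_urls` is prefix-only: `#^https?://.#i` accepts any token that starts with an http(s) scheme plus one more character, so the host and the rest of each URL are stored exactly as typed. Because these strings later become targets of outbound trackback requests, each surviving entry should also go through the core URL sanitizer before the join, e.g. `$urls_to_ping = array_map( 'esc_url_raw', $urls_to_ping );` ahead of the `implode()`. The scheme allow-list does not constrain the destination either (loopback or internal hosts still match), so any destination check would have to live in the sending code, which is not visible here. Minor: `\s` already matches `\n` in the split pattern, and the docblock says "carriage return" while the code joins with a line feed.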
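--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -2519,7 +2519,7 @@
                 $ping_status = get_option('default_ping_status');
 
         if ( isset($to_ping) )
-                $to_ping = preg_replace('|\s+|', "\n", $to_ping);
+                $to_ping = sanitize_trackback_urls( $to_ping );
         else
                 $to_ping = '';
 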
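Review bot: Sanitizing at this write covers only one side: rows saved before this change keep whatever was in `to_ping`, and the code that reads that value back to send trackbacks is outside this hunk. If that reader does not also call `sanitize_trackback_urls()`, legacy non-http(s) entries would presumably still be pinged, so applying the same call on the read path would close the gap. Entries that fail the check are now dropped silently, so a comment such as `// Non-http(s) trackback URLs are discarded by sanitize_trackback_urls().` above the call would help the next reader. The enclosing function starts and ends outside the hunk.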