

Ticket #17560: 17560.second.diff

File 17560.second.diff, 1.8 KB (added by xknown, 3 years ago)

Second try. Also clean the URLs returned by get_to_ping. Not tested.

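--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -2519,7 +2519,7 @@
                 $ping_status = get_option('default_ping_status');
 
         if ( isset($to_ping) )
-                $to_ping = preg_replace('|\s+|', "\n", $to_ping);
+                $to_ping = sanitize_trackback_urls( $to_ping );
         else
                 $to_ping = '';
 
@@ -3052,7 +3052,7 @@
 function get_to_ping($post_id) {
         global $wpdb;
         $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id ));
-        $to_ping = trim($to_ping);
+        $to_ping = sanitize_trackback_urls( trim( $to_ping ) );
         $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY);
         $to_ping = apply_filters('get_to_ping',  $to_ping);
         return $to_ping;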
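Review bot: In the get_to_ping hunk, the `trim()` wrapped around the new call and the `preg_split('/\s/', ...)` on the following line repeat work that sanitize_trackback_urls() already does (it splits on whitespace with PREG_SPLIT_NO_EMPTY and re-joins with "\n"), so the two lines could collapse to `$to_ping = preg_split('/\s/', sanitize_trackback_urls( $to_ping ), -1, PREG_SPLIT_NO_EMPTY);` with no change in result. Both hunks call sanitize_trackback_urls(), which only exists in the formatting.php part of this patch, so the two files have to land together or saving a post will fatal on an undefined function. The first hunk's enclosing function starts outside the hunk, so I cannot see whether `$to_ping` reaches this point from untrusted request data, but the new call now silently drops any entry that is not an http(s) URL rather than merely normalising whitespace, which is a behaviour change worth a line in the commit message.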
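--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2902,4 +2902,22 @@
         return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
 }
 
+/**
+ * Sanitize space or carriage return separated urls that are used to send trackbacks.
+ *
+ * @since 3.2.0
+ *
+ * @param string $to_ping Space or carriage return separated urls
+ * @return string Urls starting with the http or https protocol, separated by a carriage return.
+ */
+function sanitize_trackback_urls( $to_ping ) {
+    $urls_to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY);
+    foreach( $urls_to_ping as $k => $url ) {
+        if ( !preg_match('#^https?://.#i', $url) )
+            unset($urls_to_ping[$k]);
+    }
+    $sani_to_ping = implode( "\n", $urls_to_ping );
+    return apply_filters( 'sanitize_trackback_urls', $sani_to_ping, $to_ping );
+}
+
 ?>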
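Review bot: The test on the `preg_match('#^https?://.#i', $url)` line only confirms an `http://` or `https://` prefix followed by at least one character; it says nothing about whether the rest is a well-formed URL, so callers should not read this function as URL validation, and a docblock sentence such as `Entries that do not start with http:// or https:// are discarded; the remainder of each entry is not validated.` would make that limit explicit. If stricter cleaning is wanted, each surviving `$url` could additionally be run through `esc_url_raw()` before the implode, which this tree should already provide. The `@return` text says the urls are "separated by a carriage return" while the code joins them with `"\n"`, a line feed; `separated by a newline` would match the implementation. Style-wise, the single-line `if` without braces and `foreach(` without a space differ from the surrounding formatting.php code, which uses `foreach ( ... )` with a space.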