WordPress.org

Make WordPress Core

Ticket #18268: 18268.diff

File 18268.diff, 1.9 KB (added by duck_, 3 years ago)
  • wp-includes/functions.php

     
    46094609        @header( 'X-Frame-Options: SAMEORIGIN' ); 
    46104610} 
    46114611 
     4612function wp_allowed_protocols() { 
     4613        static $protocols; 
     4614 
     4615        if ( empty( $protocols ) ) { 
     4616                $protocols = array ( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' ); 
     4617                $protocols = apply_filters( 'kses_allowed_protocols', $protocols ); 
     4618        } 
     4619 
     4620        return $protocols; 
     4621} 
     4622 
    46124623?> 
  • wp-includes/formatting.php

     
    22992299                $url = str_replace( "'", ''', $url ); 
    23002300        } 
    23012301 
    2302         if ( !is_array($protocols) ) 
    2303                 $protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn'); 
     2302        if ( ! is_array( $protocols ) ) 
     2303                $protocols = wp_allowed_protocols(); 
    23042304        if ( wp_kses_bad_protocol( $url, $protocols ) != $url ) 
    23052305                return ''; 
    23062306 
  • wp-includes/kses.php

     
    500500 * @return string Filtered content with only allowed HTML elements 
    501501 */ 
    502502function wp_kses($string, $allowed_html, $allowed_protocols = array ()) { 
    503         $allowed_protocols = wp_parse_args( $allowed_protocols, apply_filters('kses_allowed_protocols', array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn') )); 
     503        $allowed_protocols = wp_parse_args( $allowed_protocols, wp_allowed_protocols() ); 
    504504        $string = wp_kses_no_null($string); 
    505505        $string = wp_kses_js_entities($string); 
    506506        $string = wp_kses_normalize_entities($string);