WordPress.org

Make WordPress Core

Ticket #18268: 18268.diff

File 18268.diff, 1.9 KB (added by duck_, 7 years ago)
  • wp-includes/functions.php

     
    46094609        @header( 'X-Frame-Options: SAMEORIGIN' );
    46104610}
    46114611
     4612function wp_allowed_protocols() {
     4613        static $protocols;
     4614
     4615        if ( empty( $protocols ) ) {
     4616                $protocols = array ( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' );
     4617                $protocols = apply_filters( 'kses_allowed_protocols', $protocols );
     4618        }
     4619
     4620        return $protocols;
     4621}
     4622
    46124623?>
  • wp-includes/formatting.php

     
    22992299                $url = str_replace( "'", ''', $url );
    23002300        }
    23012301
    2302         if ( !is_array($protocols) )
    2303                 $protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn');
     2302        if ( ! is_array( $protocols ) )
     2303                $protocols = wp_allowed_protocols();
    23042304        if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
    23052305                return '';
    23062306
  • wp-includes/kses.php

     
    500500 * @return string Filtered content with only allowed HTML elements
    501501 */
    502502function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {
    503         $allowed_protocols = wp_parse_args( $allowed_protocols, apply_filters('kses_allowed_protocols', array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn') ));
     503        $allowed_protocols = wp_parse_args( $allowed_protocols, wp_allowed_protocols() );
    504504        $string = wp_kses_no_null($string);
    505505        $string = wp_kses_js_entities($string);
    506506        $string = wp_kses_normalize_entities($string);