WordPress.org

Make WordPress Core

Ticket #19665: 19665.3.patch

File 19665.3.patch, 606 bytes (added by SergeyBiryukov, 6 years ago)
  • wp-includes/formatting.php

     
    28432843        global $_links_add_base;
    28442844        //1 = attribute name  2 = quotation mark  3 = URL
    28452845        return $m[1] . '=' . $m[2] .
    2846                 (strpos($m[3], 'http://') === false ?
    2847                         path_join($_links_add_base, $m[3]) :
    2848                         $m[3])
     2846                ( preg_match( '#^(\w{1,20}):#', $m[3], $protocol ) && in_array( $protocol[1], wp_allowed_protocols() ) ?
     2847                        $m[3] :
     2848                        path_join( $_links_add_base, $m[3] ) )
    28492849                . $m[2];
    28502850}
    28512851