WordPress.org

Make WordPress Core

Ticket #19665: 19665.3.patch

File 19665.3.patch, 606 bytes (added by SergeyBiryukov, 3 years ago)
  • wp-includes/formatting.php

     
    28432843        global $_links_add_base; 
    28442844        //1 = attribute name  2 = quotation mark  3 = URL 
    28452845        return $m[1] . '=' . $m[2] . 
    2846                 (strpos($m[3], 'http://') === false ? 
    2847                         path_join($_links_add_base, $m[3]) : 
    2848                         $m[3]) 
     2846                ( preg_match( '#^(\w{1,20}):#', $m[3], $protocol ) && in_array( $protocol[1], wp_allowed_protocols() ) ? 
     2847                        $m[3] : 
     2848                        path_join( $_links_add_base, $m[3] ) ) 
    28492849                . $m[2]; 
    28502850} 
    28512851