Ticket #40916: 40916.patch
File 40916.patch, 3.8 KB (added by , 4 years ago) |
src/wp-admin/edit-comments.php
From 42fd44a7f659955bd1d479a37ec74ff2f61031b2 Mon Sep 17 00:00:00 2001
From: Andrei Draganescu <andrei.draganescu@automattic.com>
Date: Tue, 3 Dec 2019 15:31:56 +0200
Subject: [PATCH] refreshes @Cybr 's patch
---
src/wp-admin/edit-comments.php | 3 ++
.../includes/class-wp-comments-list-table.php | 3 +-
src/wp-includes/formatting.php | 47 +++++++++++++++++++
3 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/src/wp-admin/edit-comments.php b/src/wp-admin/edit-comments.php
index 0bd3b7a09d..0abf1ac794 100644
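--- a/src/wp-admin/edit-comments.php
+++ b/src/wp-admin/edit-comments.php
@@ -16,6 +16,9 @@
 	);
 }
 
+//* TODO determine whether to move globally (i.e. filter "pre_comment_content"). Ticket #40916
+add_filter( 'comment_text', 'wp_unbind_links', 35 );
+
 $wp_list_table = _get_list_table( 'WP_Comments_List_Table' );
 $pagenum = $wp_list_table->get_pagenum();
 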
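Review bot: Registering `add_filter( 'comment_text', 'wp_unbind_links', 35 );` at the top of edit-comments.php only covers comment rows rendered by a request that loads this screen. Rows rendered elsewhere in the admin (for example by an admin-ajax handler after a reply or Quick Edit, or by the dashboard widget) presumably never include this file and would keep their original `target`/`rel`, so the opener and referrer protection would be applied inconsistently. If the intent is to cover every admin rendering of comment text, attach the filter where the row is produced, e.g. in `WP_Comments_List_Table::column_comment()`, and replace the TODO with a comment stating which contexts are deliberately left out.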
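--- a/src/wp-admin/includes/class-wp-comments-list-table.php
+++ b/src/wp-admin/includes/class-wp-comments-list-table.php
@@ -833,7 +833,8 @@ public function column_author( $comment ) {
 		comment_author( $comment );
 		echo '</strong><br />';
 		if ( ! empty( $author_url_display ) ) {
-			printf( '<a href="%s">%s</a><br />', esc_url( $author_url ), esc_html( $author_url_display ) );
+			// Ticket #40916
+			printf( '<a href="%s" rel="noopener noreferrer" target="_blank">%s</a><br />', esc_url( $author_url ), esc_html( $author_url_display ) );
 		}
 
 		if ( $this->user_can ) {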
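Review bot: The added comment `// Ticket #40916` above the author-URL `printf()` records where the change came from but not why the attributes are there, which makes them easy to drop in a later markup cleanup. Suggest `// Commenter-supplied URL: open in a new tab with no window.opener access and no Referer from the admin screen. See #40916.` instead. `column_author()` begins and ends outside this hunk, so whether other links it prints need the same treatment cannot be judged from here.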
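--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -3262,6 +3262,53 @@ function wp_remove_targeted_link_rel_filters() {
 	};
 }
 
+/**
+ * Adds target="_blank" and rel="noreferrer noopener" strings to all HTML A elements
+ * in content.
+ *
+ * Removes current target and rel attributes prior.
+ *
+ * @since TODO Ticket #40916
+ *
+ * @param string $text Content that may contain HTML A elements.
+ * @return string Converted content.
+ */
+function wp_unbind_links( $text ) {
+	// Ticket #40916 Filter usage to be determined...
+	if ( 'pre_comment_content' === current_filter() ) {
+		// This is a pre save filter, so text is already escaped.
+		$text = stripslashes( $text );
+		$text = preg_replace_callback( '|<a (.+?)>|i', 'wp_unbind_links_callback', $text );
+		return wp_slash( $text );
+	}
+	return preg_replace_callback( '|<a (.+?)>|i', 'wp_unbind_links_callback', $text );
+}
+
+/**
+ * Callback to add target="_blank" and rel="noreferrer noopener" string to HTML A element.
+ *
+ * Will remove already existing rel="noreferrer", rel='noreferrer', rel="noopener"
+ * and rel='noopener' from the string to prevent from invalidating (X)HTML.
+ *
+ * @since TODO Ticket #40916
+ *
+ * @param array $matches Single Match
+ * @return string HTML A Element with target="_blank" and rel="noreferrer noopener".
+ */
+function wp_unbind_links_callback( $matches ) {
+	$text = $matches[1];
+	/**
+	 * Captures rel and target attributes with content.
+	 * Closing/opening tag aware, i.e. it captures:
+	 * rel='nofollow"', rel="nofollow", rel=nofollow, rel="nofollow noreferrer"
+	 */
+	$regex = '/(target|rel)\=(\'|"?)((?:.(?!\2?\s+(?:\S+)=|[>]\2))+.)\2?/i';
+	//* TODO This will add stray whitespaces... It's not important enough to clean up.
+	$text = preg_replace( $regex, '', $text );
+	return sprintf( '<a %s target=_blank rel="noopener noreferrer">', $text );
+}
+
+
 /**
  * Convert one smiley code to the icon graphic file equivalent.
  *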
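Review bot: The stripping pattern in `wp_unbind_links_callback()` is not anchored to an attribute boundary, so `(target|rel)\=` can also match inside another attribute's value. For a constructed input such as `<a href="https://example.test/?rel=x" title="t">` it appears to cut the href off mid-value and leave an unbalanced quote. Require a boundary before the name, e.g. begin the pattern with `(?<![^\s])(target|rel)\s*=`, or preferably split the attribute string with `wp_kses_hair()` and rebuild it without `rel` and `target`. Both `preg_replace()` and `preg_replace_callback()` return null on a PCRE error, which here would empty the link attributes or the whole comment text, so add `if ( null === $result ) { return $text; }` after each call. The emitted `target=_blank` is unquoted, unlike the docblock and the list-table markup, and `'|<a (.+?)>|i'` only matches a literal space after `<a`, so `'|<a\s+(.+?)>|is'` would also cover anchors whose first attribute follows a tab or newline.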