Ticket #40916: 40916.patch

File 40916.patch, 3.8 KB (added by andraganescu, 17 months ago)

Refreshed patch 40916.diff

  • src/wp-admin/edit-comments.php

    From 42fd44a7f659955bd1d479a37ec74ff2f61031b2 Mon Sep 17 00:00:00 2001
    From: Andrei Draganescu <andrei.draganescu@automattic.com>
    Date: Tue, 3 Dec 2019 15:31:56 +0200
    Subject: [PATCH] refreshes @Cybr 's patch
    
    ---
     src/wp-admin/edit-comments.php                |  3 ++
     .../includes/class-wp-comments-list-table.php |  3 +-
     src/wp-includes/formatting.php                | 47 +++++++++++++++++++
     3 files changed, 52 insertions(+), 1 deletion(-)
    
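--- a/src/wp-admin/edit-comments.php
+++ b/src/wp-admin/edit-comments.php
@@ -16,6 +16,9 @@
         );
 }
 
+//* TODO determine whether to move globally (i.e. filter "pre_comment_content"). Ticket #40916
+add_filter( 'comment_text', 'wp_unbind_links', 35 );
+
 $wp_list_table = _get_list_table( 'WP_Comments_List_Table' );
 $pagenum       = $wp_list_table->get_pagenum();
 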
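Review bot: The `comment_text` filter is registered only when edit-comments.php itself is loaded, so comment rows that the list table renders on other paths would not get the rewrite. Presumably this includes rows returned through admin-ajax.php after an inline reply or quick edit, which is worth confirming before merge. Registering the filter where the row is rendered, for example inside WP_Comments_List_Table before the comment column is output, would cover every path that prints the row. The `//* TODO` line would read more clearly as `// TODO: decide whether to apply this on save via 'pre_comment_content' instead. See #40916.`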
  • src/wp-admin/includes/class-wp-comments-list-table.php

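--- a/src/wp-admin/includes/class-wp-comments-list-table.php
+++ b/src/wp-admin/includes/class-wp-comments-list-table.php
@@ -833,7 +833,8 @@ public function column_author( $comment ) {
                 comment_author( $comment );
                 echo '</strong><br />';
                 if ( ! empty( $author_url_display ) ) {
-                        printf( '<a href="%s">%s</a><br />', esc_url( $author_url ), esc_html( $author_url_display ) );
+                        // Ticket #40916
+                        printf( '<a href="%s" rel="noopener noreferrer" target="_blank">%s</a><br />', esc_url( $author_url ), esc_html( $author_url_display ) );
                 }
 
                 if ( $this->user_can ) {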
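Review bot: The added `// Ticket #40916` comment in column_author() does not say why the attributes are there. A reader should learn from it that `target="_blank"` is paired with `rel="noopener noreferrer"` so that the commenter-supplied site cannot reach the admin window through `window.opener` and does not receive the admin URL as referrer. Suggested wording: `// Open the commenter's URL in a new tab without exposing window.opener or the referrer. See #40916.` column_author() begins and ends outside this hunk.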
  • src/wp-includes/formatting.php

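--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -3262,6 +3262,53 @@ function wp_remove_targeted_link_rel_filters() {
         };
 }
 
+/**
+ * Adds target="_blank" and rel="noreferrer noopener" strings to all HTML A elements
+ * in content.
+ *
+ * Removes current target and rel attributes prior.
+ *
+ * @since TODO Ticket #40916
+ *
+ * @param string $text Content that may contain HTML A elements.
+ * @return string Converted content.
+ */
+function wp_unbind_links( $text ) {
+       // Ticket #40916 Filter usage to be determined...
+       if ( 'pre_comment_content' === current_filter() ) {
+               // This is a pre save filter, so text is already escaped.
+               $text = stripslashes( $text );
+               $text = preg_replace_callback( '|<a (.+?)>|i', 'wp_unbind_links_callback', $text );
+               return wp_slash( $text );
+       }
+       return preg_replace_callback( '|<a (.+?)>|i', 'wp_unbind_links_callback', $text );
+}
+
+/**
+* Callback to add target="_blank" and rel="noreferrer noopener" string to HTML A element.
+*
+* Will remove already existing rel="noreferrer", rel='noreferrer', rel="noopener"
+* and rel='noopener' from the string to prevent from invalidating (X)HTML.
+*
+* @since TODO Ticket #40916
+*
+* @param array $matches Single Match
+* @return string HTML A Element with target="_blank" and rel="noreferrer noopener".
+*/
+function wp_unbind_links_callback( $matches ) {
+       $text = $matches[1];
+       /**
+        * Captures rel and target attributes with content.
+        * Closing/opening tag aware, i.e. it captures:
+        * rel='nofollow"', rel="nofollow", rel=nofollow, rel="nofollow noreferrer"
+        */
+       $regex = '/(target|rel)\=(\'|"?)((?:.(?!\2?\s+(?:\S+)=|[>]\2))+.)\2?/i';
+       //* TODO This will add stray whitespaces... It's not important enough to clean up.
+       $text = preg_replace( $regex, '', $text );
+       return sprintf( '<a %s target=_blank rel="noopener noreferrer">', $text );
+}
+   
+
 /**
  * Convert one smiley code to the icon graphic file equivalent.
  *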
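Review bot: The tag pattern `'|<a (.+?)>|i'` in wp_unbind_links() matches only when a literal space follows `<a` and the whole tag is on one line, so anchors that use a tab or line break there are returned without the `target`/`rel` rewrite. Matching any whitespace and stopping at the first `>` closes that gap: `'|<a\s([^>]+)>|i'`. In wp_unbind_links_callback() the stripping pattern starts at `(target|rel)\=` with no attribute-name boundary, so it can also cut text out of `data-rel="…"` or out of a `?rel=` query string inside `href`; prefixing it with `(?<!\S)` (start of the attribute string or after whitespace), or parsing the attributes instead, avoids corrupting the link. The emitted `target=_blank` is unquoted, unlike the quoted `target="_blank"` this patch uses in class-wp-comments-list-table.php, and both docblocks still carry `@since TODO`.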