Make WordPress Core

Ticket #52886: 52886.1.diff

File 52886.1.diff, 2.3 KB (added by audrasjb, 4 years ago)
  • src/wp-includes/formatting.php

    diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
    index b716c6bc1f..c442aee119 100644
    a b function esc_sql( $data ) { 
    42964296 * is applied to the returned cleaned URL.
    42974297 *
    42984298 * @since 2.8.0
    4299  *
    4300  * @param string   $url       The URL to be cleaned.
    4301  * @param string[] $protocols Optional. An array of acceptable protocols.
    4302  *                            Defaults to return value of wp_allowed_protocols().
    4303  * @param string   $_context  Private. Use esc_url_raw() for database usage.
     4299 * @since 5.8.0 Added the `$default_protocol` parameter.
     4300 *
     4301 * @param string   $url              The URL to be cleaned.
     4302 * @param string[] $protocols        Optional. An array of acceptable protocols.
     4303 *                                   Defaults to return value of wp_allowed_protocols().
     4304 * @param string   $_context         Private. Use esc_url_raw() for database usage.
     4305 * @param string   $default_protocol Use to specify different default, for historical
     4306 *                                   reasons esc_url defaults to http:// pass string
     4307 *                                   https:// to change the default behavior.
    43044308 * @return string The cleaned URL after the {@see 'clean_url'} filter is applied.
    43054309 *                An empty string is returned if `$url` specifies a protocol other than
    43064310 *                those in `$protocols`, or if `$url` contains an empty string.
    43074311 */
    4308 function esc_url( $url, $protocols = null, $_context = 'display' ) {
     4312function esc_url( $url, $protocols = null, $_context = 'display', $default_protocol = 'http://' ) {
    43094313        $original_url = $url;
    43104314
    43114315        if ( '' === $url ) {
    function esc_url( $url, $protocols = null, $_context = 'display' ) { 
    43294333         * If the URL doesn't appear to contain a scheme, we presume
    43304334         * it needs http:// prepended (unless it's a relative link
    43314335         * starting with /, # or ?, or a PHP file).
     4336         * Since 5.8, it uses $default_protocol to allow https:// presumption
    43324337         */
    43334338        if ( strpos( $url, ':' ) === false && ! in_array( $url[0], array( '/', '#', '?' ), true ) &&
    43344339                ! preg_match( '/^[a-z0-9-]+?\.php/i', $url ) ) {
    4335                 $url = 'http://' . $url;
     4340                $url = $default_protocol . $url;
    43364341        }
    43374342
    43384343        // Replace ampersands and single quotes only when displaying.