WordPress.org

Make WordPress Core

Ticket #52886: 52886.2.diff

File 52886.2.diff, 2.9 KB (added by mkaz, 4 months ago)

Unit test added.

  • src/wp-includes/formatting.php

    diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
    index 238bcc738c..6f5d0432a8 100644
    a b function esc_sql( $data ) { 
    42964296 * is applied to the returned cleaned URL.
    42974297 *
    42984298 * @since 2.8.0
    4299  *
    4300  * @param string   $url       The URL to be cleaned.
    4301  * @param string[] $protocols Optional. An array of acceptable protocols.
    4302  *                            Defaults to return value of wp_allowed_protocols().
    4303  * @param string   $_context  Private. Use esc_url_raw() for database usage.
     4299 * @since 5.8.0 Added the `$default_protocol` parameter.
     4300 *
     4301 * @param string   $url              The URL to be cleaned.
     4302 * @param string[] $protocols        Optional. An array of acceptable protocols.
     4303 *                                   Defaults to return value of wp_allowed_protocols().
     4304 * @param string   $_context         Private. Use esc_url_raw() for database usage.
     4305 * @param string   $default_protocol Use to specify different default, for historical
     4306 *                                   reasons esc_url defaults to http:// pass string
     4307 *                                   https:// to change the default behavior.
    43044308 * @return string The cleaned URL after the {@see 'clean_url'} filter is applied.
    43054309 *                An empty string is returned if `$url` specifies a protocol other than
    43064310 *                those in `$protocols`, or if `$url` contains an empty string.
    43074311 */
    4308 function esc_url( $url, $protocols = null, $_context = 'display' ) {
     4312function esc_url( $url, $protocols = null, $_context = 'display', $default_protocol = 'http://' ) {
    43094313        $original_url = $url;
    43104314
    43114315        if ( '' === $url ) {
    function esc_url( $url, $protocols = null, $_context = 'display' ) { 
    43294333         * If the URL doesn't appear to contain a scheme, we presume
    43304334         * it needs http:// prepended (unless it's a relative link
    43314335         * starting with /, # or ?, or a PHP file).
     4336         * Since 5.8, it uses $default_protocol to allow https:// presumption
    43324337         */
    43334338        if ( strpos( $url, ':' ) === false && ! in_array( $url[0], array( '/', '#', '?' ), true ) &&
    43344339                ! preg_match( '/^[a-z0-9-]+?\.php/i', $url ) ) {
    4335                 $url = 'http://' . $url;
     4340                $url = $default_protocol . $url;
    43364341        }
    43374342
    43384343        // Replace ampersands and single quotes only when displaying.
  • tests/phpunit/tests/formatting/EscUrl.php

    diff --git a/tests/phpunit/tests/formatting/EscUrl.php b/tests/phpunit/tests/formatting/EscUrl.php
    index 13ecc4af66..076da6234f 100644
    a b EOT; 
    262262                $this->assertSame( 'http://[::FFFF::127.0.0.1]/?foo%5Bbar%5D=baz', esc_url( 'http://[::FFFF::127.0.0.1]/?foo[bar]=baz' ) );
    263263        }
    264264
     265        /**
     266         * @ticket 52886
     267         */
     268        function test_default_protocol() {
     269                $this->assertSame( 'http://example.com', esc_url( 'example.com' ) );
     270                $this->assertSame(
     271                        'https://example.com',
     272                        esc_url(
     273                                'example.com',
     274                                null,
     275                                'display',
     276                                'https://'
     277                        )
     278                );
     279        }
     280
    265281}