diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
index 238bcc738c..6f5d0432a8 100644
a
|
b
|
function esc_sql( $data ) { |
4296 | 4296 | * is applied to the returned cleaned URL. |
4297 | 4297 | * |
4298 | 4298 | * @since 2.8.0 |
4299 | | * |
4300 | | * @param string $url The URL to be cleaned. |
4301 | | * @param string[] $protocols Optional. An array of acceptable protocols. |
4302 | | * Defaults to return value of wp_allowed_protocols(). |
4303 | | * @param string $_context Private. Use esc_url_raw() for database usage. |
| 4299 | * @since 5.8.0 Added the `$default_protocol` parameter. |
| 4300 | * |
| 4301 | * @param string $url The URL to be cleaned. |
| 4302 | * @param string[] $protocols Optional. An array of acceptable protocols. |
| 4303 | * Defaults to return value of wp_allowed_protocols(). |
| 4304 | * @param string $_context Private. Use esc_url_raw() for database usage. |
| 4305 | * @param string $default_protocol Use to specify different default, for historical |
| 4306 | * reasons esc_url defaults to http:// pass string |
| 4307 | * https:// to change the default behavior. |
4304 | 4308 | * @return string The cleaned URL after the {@see 'clean_url'} filter is applied. |
4305 | 4309 | * An empty string is returned if `$url` specifies a protocol other than |
4306 | 4310 | * those in `$protocols`, or if `$url` contains an empty string. |
4307 | 4311 | */ |
4308 | | function esc_url( $url, $protocols = null, $_context = 'display' ) { |
| 4312 | function esc_url( $url, $protocols = null, $_context = 'display', $default_protocol = 'http://' ) { |
4309 | 4313 | $original_url = $url; |
4310 | 4314 | |
4311 | 4315 | if ( '' === $url ) { |
… |
… |
function esc_url( $url, $protocols = null, $_context = 'display' ) { |
4329 | 4333 | * If the URL doesn't appear to contain a scheme, we presume |
4330 | 4334 | * it needs http:// prepended (unless it's a relative link |
4331 | 4335 | * starting with /, # or ?, or a PHP file). |
| 4336 | * Since 5.8, it uses $default_protocol to allow https:// presumption |
4332 | 4337 | */ |
4333 | 4338 | if ( strpos( $url, ':' ) === false && ! in_array( $url[0], array( '/', '#', '?' ), true ) && |
4334 | 4339 | ! preg_match( '/^[a-z0-9-]+?\.php/i', $url ) ) { |
4335 | | $url = 'http://' . $url; |
| 4340 | $url = $default_protocol . $url; |
4336 | 4341 | } |
4337 | 4342 | |
4338 | 4343 | // Replace ampersands and single quotes only when displaying. |
diff --git a/tests/phpunit/tests/formatting/EscUrl.php b/tests/phpunit/tests/formatting/EscUrl.php
index 13ecc4af66..076da6234f 100644
a
|
b
|
EOT; |
262 | 262 | $this->assertSame( 'http://[::FFFF::127.0.0.1]/?foo%5Bbar%5D=baz', esc_url( 'http://[::FFFF::127.0.0.1]/?foo[bar]=baz' ) ); |
263 | 263 | } |
264 | 264 | |
| 265 | /** |
| 266 | * @ticket 52886 |
| 267 | */ |
| 268 | function test_default_protocol() { |
| 269 | $this->assertSame( 'http://example.com', esc_url( 'example.com' ) ); |
| 270 | $this->assertSame( |
| 271 | 'https://example.com', |
| 272 | esc_url( |
| 273 | 'example.com', |
| 274 | null, |
| 275 | 'display', |
| 276 | 'https://' |
| 277 | ) |
| 278 | ); |
| 279 | } |
| 280 | |
265 | 281 | } |