Make WordPress Core

Ticket #52886: 52886.diff

File 52886.diff, 2.2 KB (added by mkaz, 4 years ago)
  • src/wp-includes/formatting.php

    diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
    index b716c6bc1f..529ffa0f1e 100644
    a b function esc_sql( $data ) { 
    42974297 *
    42984298 * @since 2.8.0
    42994299 *
    4300  * @param string   $url       The URL to be cleaned.
    4301  * @param string[] $protocols Optional. An array of acceptable protocols.
    4302  *                            Defaults to return value of wp_allowed_protocols().
    4303  * @param string   $_context  Private. Use esc_url_raw() for database usage.
     4300 * @param string   $url               The URL to be cleaned.
     4301 * @param string[] $protocols         Optional. An array of acceptable protocols.
     4302 *                                    Defaults to return value of wp_allowed_protocols().
     4303 * @param string   $_context          Private. Use esc_url_raw() for database usage.
     4304 * @param string   $default_protocol  Use to specify different default, for historical
     4305 *                                    reasons esc_url defaults to http:// pass string
     4306 *                                    https:// to change the default behavior.
    43044307 * @return string The cleaned URL after the {@see 'clean_url'} filter is applied.
    43054308 *                An empty string is returned if `$url` specifies a protocol other than
    43064309 *                those in `$protocols`, or if `$url` contains an empty string.
    43074310 */
    4308 function esc_url( $url, $protocols = null, $_context = 'display' ) {
     4311function esc_url( $url, $protocols = null, $_context = 'display', $default_protocol = 'http://' ) {
    43094312        $original_url = $url;
    43104313
    43114314        if ( '' === $url ) {
    function esc_url( $url, $protocols = null, $_context = 'display' ) { 
    43294332         * If the URL doesn't appear to contain a scheme, we presume
    43304333         * it needs http:// prepended (unless it's a relative link
    43314334         * starting with /, # or ?, or a PHP file).
     4335         * @since 5.8 use default_protocol to allow https:// presumption
    43324336         */
    43334337        if ( strpos( $url, ':' ) === false && ! in_array( $url[0], array( '/', '#', '?' ), true ) &&
    43344338                ! preg_match( '/^[a-z0-9-]+?\.php/i', $url ) ) {
    4335                 $url = 'http://' . $url;
     4339                $url = $default_protocol . $url;
    43364340        }
    43374341
    43384342        // Replace ampersands and single quotes only when displaying.