WordPress.org

Make WordPress Core

Changeset 14412


Ignore:
Timestamp:
05/03/2010 09:20:20 PM (9 years ago)
Author:
markjaquith
Message:

Add some new protocols for KSES. Make the list of protocols filterable. Start esc_url() with the same list. fixes #10914. props technosailor

Location:
trunk/wp-includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/formatting.php

    r14404 r14412  
    22152215
    22162216    if ( !is_array($protocols) )
    2217         $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
     2217        $protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn');
    22182218    if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
    22192219        return '';
  • trunk/wp-includes/kses.php

    r14406 r14412  
    481481 *
    482482 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
    483  * 'irc', 'gopher', 'nntp', 'feed', and finally 'telnet. This covers all common
    484  * link protocols, except for 'javascript' which should not be allowed for
    485  * untrusted users.
     483 * 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This
     484 * covers all common link protocols, except for 'javascript' which should not
     485 * be allowed for untrusted users.
    486486 *
    487487 * @since 1.0.0
     
    492492 * @return string Filtered content with only allowed HTML elements
    493493 */
    494 function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet')) {
     494function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {
     495    $allowed_protocols = wp_parse_args( $allowed_protocols, apply_filters('kses_allowed_protocols', array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn') ));
    495496    $string = wp_kses_no_null($string);
    496497    $string = wp_kses_js_entities($string);
Note: See TracChangeset for help on using the changeset viewer.