WordPress.org

Make WordPress Core

Changeset 18826


Ignore:
Timestamp:
09/29/2011 10:33:51 PM (7 years ago)
Author:
duck_
Message:

Introduce wp_allowed_protocols() for use in wp_kses() and esc_url(). See #18268.

This allows plugins to filter the list of protocols used for esc_url() too, and helps us keep the list of protocols in sync.

Location:
trunk/wp-includes
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/formatting.php

    r18824 r18826  
    23002300    }
    23012301
    2302     if ( !is_array($protocols) )
    2303         $protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn');
     2302    if ( ! is_array( $protocols ) )
     2303        $protocols = wp_allowed_protocols();
    23042304    if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
    23052305        return '';
  • trunk/wp-includes/functions.php

    r18822 r18826  
    46114611}
    46124612
     4613/**
     4614 * Retrieve a list of protocols to allow in HTML attributes.
     4615 *
     4616 * @since 3.3.0
     4617 * @see wp_kses()
     4618 * @see esc_url()
     4619 *
     4620 * @return array Array of allowed protocols
     4621 */
     4622function wp_allowed_protocols() {
     4623    static $protocols;
     4624
     4625    if ( empty( $protocols ) ) {
     4626        $protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' );
     4627        $protocols = apply_filters( 'kses_allowed_protocols', $protocols );
     4628    }
     4629
     4630    return $protocols;
     4631}
     4632
    46134633?>
  • trunk/wp-includes/kses.php

    r18208 r18826  
    501501 */
    502502function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {
    503     $allowed_protocols = wp_parse_args( $allowed_protocols, apply_filters('kses_allowed_protocols', array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn') ));
     503    $allowed_protocols = wp_parse_args( $allowed_protocols, wp_allowed_protocols() );
    504504    $string = wp_kses_no_null($string);
    505505    $string = wp_kses_js_entities($string);
Note: See TracChangeset for help on using the changeset viewer.