Changeset 18826

Timestamp:

09/29/2011 10:33:51 PM (14 years ago)

Author:

duck_

Message:

Introduce wp_allowed_protocols() for use in wp_kses() and esc_url(). See #18268.

This allows plugins to filter the list of protocols used for esc_url() too, and helps us keep the list of protocols in sync.

Location:

trunk/wp-includes

Files:

• formatting.php (modified) (1 diff)
• functions.php (modified) (1 diff)
• kses.php (modified) (1 diff)

trunk/wp-includes/formatting.php

@@ -2300 +2300 @@
     }
 
-    if ( !is_array($protocols) )
-        $protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn');
+    if ( ! is_array( $protocols ) )
+        $protocols = wp_allowed_protocols();
     if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
         return '';

trunk/wp-includes/functions.php

@@ -4611 +4611 @@
 }
 
+/**
+ * Retrieve a list of protocols to allow in HTML attributes.
+ *
+ * @since 3.3.0
+ * @see wp_kses()
+ * @see esc_url()
+ *
+ * @return array Array of allowed protocols
+ */
+function wp_allowed_protocols() {
+    static $protocols;
+
+    if ( empty( $protocols ) ) {
+        $protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' );
+        $protocols = apply_filters( 'kses_allowed_protocols', $protocols );
+    }
+
+    return $protocols;
+}
+
 ?>

trunk/wp-includes/kses.php

@@ -501 +501 @@
  */
 function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {
-    $allowed_protocols = wp_parse_args( $allowed_protocols, apply_filters('kses_allowed_protocols', array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn') ));
+    $allowed_protocols = wp_parse_args( $allowed_protocols, wp_allowed_protocols() );
     $string = wp_kses_no_null($string);
     $string = wp_kses_js_entities($string);