Make WordPress Core


Ignore:
Timestamp:
03/18/2015 08:42:38 PM (9 years ago)
Author:
azaozz
Message:

Press This: prepend the site domain to root-relative URLs. Reject other relative URLs.
Part props stephdau, kraftbj. Fixes #31645.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-press-this.php

    r31810 r31818  
    1818
    1919    private $embeds = array();
     20
     21    private $domain = '';
    2022
    2123    /**
     
    326328        // Does it look like an URL?
    327329        if ( ! preg_match( '/^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$/', $url ) ) {
     330            return '';
     331        }
     332
     333        // If the URL is root-relative, prepend the protocol and domain name
     334        if ( $url && $this->domain && preg_match( '%^/[^/]+%', $url ) ) {
     335            $url = $this->domain . $url;
     336        }
     337
     338        // Not absolute or protocol-relative URL.
     339        if ( ! preg_match( '%^(?:https?:)?//[^/]+%', $url ) ) {
    328340            return '';
    329341        }
     
    574586            if ( 'u' === $key ) {
    575587                $value = $this->_limit_url( $value );
     588
     589                if ( preg_match( '%^(?:https?:)?//[^/]+%i', $value, $domain_match ) ) {
     590                    $this->domain = $domain_match[0];
     591                }
    576592            } else {
    577593                $value = $this->_limit_string( $value );
Note: See TracChangeset for help on using the changeset viewer.