Make WordPress Core

Changeset 45995 for branches/4.8


Ignore:
Timestamp:
09/04/2019 05:47:22 PM (5 years ago)
Author:
SergeyBiryukov
Message:

Improve handling the existing rel attribute in wp_rel_nofollow_callback().

Merges [45990] to the 4.8 branch.
Props xknown, sstoqnov.

Location:
branches/4.8
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/4.8

  • branches/4.8/src/wp-includes/formatting.php

    r44837 r45995  
    27322732function wp_rel_nofollow_callback( $matches ) {
    27332733    $text = $matches[1];
    2734     $atts = shortcode_parse_atts( $matches[1] );
     2734    $atts = wp_kses_hair( $matches[1], wp_allowed_protocols() );
    27352735    $rel  = 'nofollow';
    27362736
    27372737    if ( ! empty( $atts['href'] ) ) {
    2738         if ( in_array( strtolower( wp_parse_url( $atts['href'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) {
    2739             if ( strtolower( wp_parse_url( $atts['href'], PHP_URL_HOST ) ) === strtolower( wp_parse_url( home_url(), PHP_URL_HOST ) ) ) {
     2738        if ( in_array( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) {
     2739            if ( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_HOST ) ) === strtolower( wp_parse_url( home_url(), PHP_URL_HOST ) ) ) {
    27402740                return "<a $text>";
    27412741            }
     
    27442744
    27452745    if ( ! empty( $atts['rel'] ) ) {
    2746         $parts = array_map( 'trim', explode( ' ', $atts['rel'] ) );
     2746        $parts = array_map( 'trim', explode( ' ', $atts['rel']['value'] ) );
    27472747        if ( false === array_search( 'nofollow', $parts ) ) {
    27482748            $parts[] = 'nofollow';
     
    27532753        $html = '';
    27542754        foreach ( $atts as $name => $value ) {
    2755             $html .= "{$name}=\"" . esc_attr( $value ) . "\" ";
     2755            if ( isset( $value['vless'] ) && 'y' === $value['vless'] ) {
     2756                $html .= $name . ' ';
     2757            } else {
     2758                $html .= "{$name}=\"" . esc_attr( $value['value'] ) . '" ';
     2759            }
    27562760        }
    27572761        $text = trim( $html );
  • branches/4.8/tests/phpunit/tests/formatting/WPRelNoFollow.php

    r36125 r45995  
    7575        );
    7676    }
     77
     78    public function test_append_no_follow_with_valueless_attribute() {
     79        $content = '<p>This is some cool <a href="demo.com" download rel="hola">Code</a></p>';
     80        $expected = '<p>This is some cool <a href=\"demo.com\" download rel=\"hola nofollow\">Code</a></p>';
     81        $this->assertEquals( $expected, wp_rel_nofollow( $content ) );
     82    }
    7783}
Note: See TracChangeset for help on using the changeset viewer.