Changeset 48072 for trunk/src/wp-includes/formatting.php

Timestamp:

06/17/2020 03:22:49 PM (5 years ago)

Author:

swissspidy

Message:

Sitemaps: Add XML sitemaps functionality to WordPress.

While web crawlers are able to discover pages from links within the site and from other sites, XML sitemaps supplement this approach by allowing crawlers to quickly and comprehensively identify all URLs included in the sitemap and learn other signals about those URLs using the associated metadata.

See ​https://make.wordpress.org/core/2020/06/10/merge-announcement-extensible-core-sitemaps/ for more details.

This feature exposes the sitemap index via /wp-sitemap.xml and exposes a variety of new filters and hooks for developers to modify the behavior. Users can disable sitemaps completely by turning off search engine visibility in WordPress admin.

This change also introduces a new esc_xml() function to escape strings for output in XML, as well as XML support to wp_kses_normalize_entities().

Props Adrian McShane, afragen, adamsilverstein, casiepa, flixos90, garrett-eclipse, joemcgill, kburgoine, kraftbj, milana_cap, pacifika, pbiron, pfefferle, Ruxandra Gradina, swissspidy, szepeviktor, tangrufus, tweetythierry.
Fixes #50117.
See #3670. See #19998.

File:

• trunk/src/wp-includes/formatting.php (modified) (5 diffs)

trunk/src/wp-includes/formatting.php

@@ -936 +936 @@
  *
  * @since 1.2.2
+ * @since 5.5.0 `$quote_style` also accepts '`ENT_XML1`.
  * @access private
  *
@@ -943 +944 @@
  * @param int|string   $quote_style   Optional. Converts double quotes if set to ENT_COMPAT,
  *                                    both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES.
- *                                    Also compatible with old values; converting single quotes if set to 'single',
+ *                                    Converts single and double quotes, as well as converting HTML
+ *                                    named entities (that are not also XML named entities) to their
+ *                                    code points if set to ENT_XML1. Also compatible with old values;
+ *                                    converting single quotes if set to 'single',
  *                                    double if set to 'double' or both if otherwise set.
  *                                    Default is ENT_NOQUOTES.
@@ -965 +969 @@
     if ( empty( $quote_style ) ) {
         $quote_style = ENT_NOQUOTES;
-    } elseif ( ! in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
+    } elseif ( ENT_XML1 === $quote_style ) {
+        $quote_style = ENT_QUOTES | ENT_XML1;
+    } elseif ( ! in_array( $quote_style, array( ENT_NOQUOTES, ENT_COMPAT, ENT_QUOTES, 'single', 'double' ), true ) ) {
         $quote_style = ENT_QUOTES;
     }
@@ -995 +1001 @@
         // Guarantee every &entity; is valid, convert &garbage; into &garbage;
         // This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
-        $string = wp_kses_normalize_entities( $string );
+        $string = wp_kses_normalize_entities( $string, ( $quote_style & ENT_XML1 ) ? 'xml' : 'html' );
     }
 
@@ -4538 +4544 @@
 
 /**
+ * Escaping for XML blocks.
+ *
+ * @since 5.5.0
+ *
+ * @param string $text Text to escape.
+ * @return string Escaped text.
+ */
+function esc_xml( $text ) {
+    $safe_text = wp_check_invalid_utf8( $text );
+
+    $cdata_regex = '\<\!\[CDATA\[.*?\]\]\>';
+    $regex       = <<<EOF
+/
+    (?=.*?{$cdata_regex})                 # lookahead that will match anything followed by a CDATA Section
+    (?<non_cdata_followed_by_cdata>(.*?)) # the "anything" matched by the lookahead
+    (?<cdata>({$cdata_regex}))            # the CDATA Section matched by the lookahead
+
+|                                         # alternative
+
+    (?<non_cdata>(.*))                    # non-CDATA Section
+/sx
+EOF;
+
+    $safe_text = (string) preg_replace_callback(
+        $regex,
+        static function( $matches ) {
+            if ( ! $matches[0] ) {
+                return '';
+            }
+
+            if ( ! empty( $matches['non_cdata'] ) ) {
+                // escape HTML entities in the non-CDATA Section.
+                return _wp_specialchars( $matches['non_cdata'], ENT_XML1 );
+            }
+
+            // Return the CDATA Section unchanged, escape HTML entities in the rest.
+            return _wp_specialchars( $matches['non_cdata_followed_by_cdata'], ENT_XML1 ) . $matches['cdata'];
+        },
+        $safe_text
+    );
+
+    /**
+     * Filters a string cleaned and escaped for output in XML.
+     *
+     * Text passed to esc_xml() is stripped of invalid or special characters
+     * before output. HTML named character references are converted to their
+     * equivalent code points.
+     *
+     * @since 5.5.0
+     *
+     * @param string $safe_text The text after it has been escaped.
+     * @param string $text      The text prior to being escaped.
+     */
+    return apply_filters( 'esc_xml', $safe_text, $text );
+}
+
+/**
  * Escape an HTML tag name.
  *