Changeset 52326
- Timestamp:
- 12/06/2021 11:06:40 AM (3 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
trunk/src/wp-includes/kses.php
r52309 r52326 2594 2594 function _wp_kses_allow_pdf_objects( $url ) { 2595 2595 // We're not interested in URLs that contain query strings or fragments. 2596 if ( str pos( $url, '?' ) !== false || strpos( $url, '#' ) !== false) {2596 if ( str_contains( $url, '?' ) || str_contains( $url, '#' ) ) { 2597 2597 return false; 2598 2598 } 2599 2599 2600 2600 // If it doesn't have a PDF extension, it's not safe. 2601 if ( 0 !== substr_compare( $url, '.pdf', -4, 4, true) ) {2601 if ( ! str_ends_with( $url, '.pdf' ) ) { 2602 2602 return false; 2603 2603 } … … 2608 2608 $upload_host = isset( $parsed_url['host'] ) ? $parsed_url['host'] : ''; 2609 2609 $upload_port = isset( $parsed_url['port'] ) ? ':' . $parsed_url['port'] : ''; 2610 if ( 0 === strpos( $url, "http://$upload_host$upload_port/" ) || 0 === strpos( $url, "https://$upload_host$upload_port/" ) ) { 2610 2611 if ( str_starts_with( $url, "http://$upload_host$upload_port/" ) 2612 || str_starts_with( $url, "https://$upload_host$upload_port/" ) 2613 ) { 2611 2614 return true; 2612 2615 } -
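Review bot: The extension check at new line 2601 is now case-sensitive: the removed `substr_compare( $url, '.pdf', -4, 4, true )` passed `true` for case-insensitive matching, while `str_ends_with( $url, '.pdf' )` rejects a URL ending in `.PDF`. The change fails closed, so it does not loosen the KSES filter, but PDF objects that point at uploads with an upper-case extension would now be stripped, and nothing on this page says that is intended. If the old behaviour should be kept, `if ( ! str_ends_with( strtolower( $url ), '.pdf' ) ) {` restores it; either way, a data set in tests/kses.php with an upper-case extension would pin the chosen behaviour. The body of `_wp_kses_allow_pdf_objects()` continues past the lines shown in this section.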
trunk/tests/phpunit/tests/kses.php
r52309 r52326 1589 1589 '', 1590 1590 ), 1591 'protocol 1591 'protocol-relative url' => array( 1592 1592 '<object type="application/pdf" data="//example.org/foo.pdf" />', 1593 '', 1594 ), 1595 'unsupported protocol' => array( 1596 '<object type="application/pdf" data="ftp://example.org/foo.pdf" />', 1593 1597 '', 1594 1598 ),