Make WordPress Core


Ignore:
Timestamp:
02/07/2023 06:52:24 PM (17 months ago)
Author:
jorbin
Message:

Comments: Improve rel attribute usage in comments.

Internal links should be followed and it should be easier to modify other rel attributes on comments. This adds a helper function for determining if a URL is internal and also adds some new filters to make it easy to modify rel attributes in comments.

Props thomasplevy, desrosj, sabernhardt, benish74, samiamnot, galbaras, jorbin.

Fixes #53290, #56444.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r55279 r55289  
    29182918    }
    29192919
    2920     if ( 'comment_text' === current_filter() ) {
    2921         $rel = 'nofollow ugc';
    2922     } else {
    2923         $rel = 'nofollow';
    2924     }
    2925 
    2926     /**
    2927      * Filters the rel value that is added to URL matches converted to links.
    2928      *
    2929      * @since 5.3.0
    2930      *
    2931      * @param string $rel The rel value.
    2932      * @param string $url The matched URL being converted to a link tag.
    2933      */
    2934     $rel = apply_filters( 'make_clickable_rel', $rel, $url );
    2935     $rel = esc_attr( $rel );
    2936 
    2937     return $matches[1] . "<a href=\"$url\" rel=\"$rel\">$url</a>" . $suffix;
     2920    $rel_attr = _make_clickable_rel_attr( $url );
     2921    return $matches[1] . "<a href=\"$url\"$rel_attr>$url</a>" . $suffix;
     2922
    29382923}
    29392924
     
    29662951    }
    29672952
    2968     if ( 'comment_text' === current_filter() ) {
    2969         $rel = 'nofollow ugc';
    2970     } else {
    2971         $rel = 'nofollow';
    2972     }
    2973 
    2974     /** This filter is documented in wp-includes/formatting.php */
    2975     $rel = apply_filters( 'make_clickable_rel', $rel, $dest );
    2976     $rel = esc_attr( $rel );
    2977 
    2978     return $matches[1] . "<a href=\"$dest\" rel=\"$rel\">$dest</a>$ret";
     2953    $rel_attr = _make_clickable_rel_attr( $dest );
     2954    return $matches[1] . "<a href='{$dest}'{$rel_attr}>{$dest}</a>{$ret}";
    29792955}
    29802956
     
    29932969    $email = $matches[2] . '@' . $matches[3];
    29942970    return $matches[1] . "<a href=\"mailto:$email\">$email</a>";
     2971}
     2972
     2973/**
     2974 * Helper function used to build the "rel" attribute for a URL when creating an anchor using make_clickable().
     2975 *
     2976 * @since 6.2.0
     2977 *
     2978 * @param string $url The URL.
     2979 * @return string The rel attribute for the anchor or an empty string if no rel attribute should be added.
     2980 */
     2981function _make_clickable_rel_attr( $url ) {
     2982
     2983    $rel_parts        = array();
     2984    $scheme           = strtolower( wp_parse_url( $url, PHP_URL_SCHEME ) );
     2985    $nofollow_schemes = array_intersect( wp_allowed_protocols(), array( 'https', 'http' ) );
     2986
     2987    // Apply "nofollow" to external links with qualifying URL schemes (mailto:, tel:, etc... shouldn't be followed).
     2988    if ( ! wp_is_internal_link( $url ) && in_array( $scheme, $nofollow_schemes, true ) ) {
     2989        $rel_parts[] = 'nofollow';
     2990    }
     2991
     2992    // Apply "ugc" when in comment context.
     2993    if ( 'comment_text' === current_filter() ) {
     2994        $rel_parts[] = 'ugc';
     2995    }
     2996
     2997    $rel = implode( ' ', $rel_parts );
     2998
     2999    /**
     3000     * Filters the rel value that is added to URL matches converted to links.
     3001     *
     3002     * @since 5.3.0
     3003     *
     3004     * @param string $rel The rel value.
     3005     * @param string $url The matched URL being converted to a link tag.
     3006     */
     3007    $rel = apply_filters( 'make_clickable_rel', $rel, $url );
     3008
     3009    $rel_attr = $rel ? ' rel="' . esc_attr( $rel ) . '"' : '';
     3010
     3011    return $rel_attr;
     3012
    29953013}
    29963014
     
    31383156    $atts = wp_kses_hair( $matches[1], wp_allowed_protocols() );
    31393157
    3140     if ( ! empty( $atts['href'] ) ) {
    3141         if ( in_array( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) {
    3142             if ( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_HOST ) ) === strtolower( wp_parse_url( home_url(), PHP_URL_HOST ) ) ) {
    3143                 return "<a $text>";
    3144             }
    3145         }
     3158    if ( ! empty( $atts['href'] ) && wp_is_internal_link( $atts['href']['value'] ) ) {
     3159        $rel = trim( str_replace( 'nofollow', '', $rel ) );
    31463160    }
    31473161
     
    31633177        $text = trim( $html );
    31643178    }
    3165     return "<a $text rel=\"" . esc_attr( $rel ) . '">';
     3179
     3180    $rel_attr = $rel ? ' rel="' . esc_attr( $rel ) . '"' : '';
     3181
     3182    return "<a {$text}{$rel_attr}>";
    31663183}
    31673184
Note: See TracChangeset for help on using the changeset viewer.