From 2afdc64723011ee98a11be901544cc49757edce6 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Mon, 30 Sep 2019 01:30:58 +0000 Subject: [PATCH] Comments: Add `rel="nofollow ugc"` attribute to links in comments. UGC stands for User Generated Content, and the `ugc` attribute value is recommended for links within user generated content, such as comments and forum posts. See https://webmasters.googleblog.com/2019/09/evolving-nofollow-new-ways-to-identify.html. Props audrasjb, joostdevalk, dkarfa, SergeyBiryukov. Fixes #48022. Built from https://develop.svn.wordpress.org/trunk@46349 git-svn-id: http://core.svn.wordpress.org/trunk@46148 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/comment-template.php | 2 +- wp-includes/default-filters.php | 2 +- wp-includes/formatting.php | 98 ++++++++++++++++++++++---------- wp-includes/version.php | 2 +- 4 files changed, 72 insertions(+), 32 deletions(-) diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php index 69dcc1629a..294370c0fe 100644 --- a/wp-includes/comment-template.php +++ b/wp-includes/comment-template.php @@ -224,7 +224,7 @@ function get_comment_author_link( $comment_ID = 0 ) { if ( empty( $url ) || 'http://' == $url ) { $return = $author; } else { - $return = "$author"; + $return = "$author"; } /** diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php index 423db4d540..025cabda19 100644 --- a/wp-includes/default-filters.php +++ b/wp-includes/default-filters.php @@ -246,7 +246,7 @@ add_filter( 'pre_kses', 'wp_pre_kses_less_than' ); add_filter( 'sanitize_title', 'sanitize_title_with_dashes', 10, 3 ); add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); add_filter( 'comment_flood_filter', 'wp_throttle_comment_flood', 10, 3 ); -add_filter( 'pre_comment_content', 'wp_rel_nofollow', 15 ); +add_filter( 'pre_comment_content', 'wp_rel_ugc', 15 ); add_filter( 'comment_email', 'antispambot' ); add_filter( 'option_tag_base', '_wp_filter_taxonomy_base' ); add_filter( 'option_category_base', '_wp_filter_taxonomy_base' ); diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index dda39214e0..3822c61a7b 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -3012,35 +3012,19 @@ function _split_str_by_whitespace( $string, $goal ) { } /** - * Adds rel nofollow string to all HTML A elements in content. + * Callback to add a rel attribute to HTML A element. * - * @since 1.5.0 + * Will remove already existing string before adding to prevent invalidating (X)HTML. * - * @param string $text Content that may contain HTML A elements. - * @return string Converted content. + * @since 5.3.0 + * + * @param array $matches Single match. + * @param string $rel The rel attribute to add. + * @return string HTML A element with the added rel attribute. */ -function wp_rel_nofollow( $text ) { - // This is a pre save filter, so text is already escaped. - $text = stripslashes( $text ); - $text = preg_replace_callback( '||i', 'wp_rel_nofollow_callback', $text ); - return wp_slash( $text ); -} - -/** - * Callback to add rel=nofollow string to HTML A element. - * - * Will remove already existing rel="nofollow" and rel='nofollow' from the - * string to prevent from invalidating (X)HTML. - * - * @since 2.3.0 - * - * @param array $matches Single Match - * @return string HTML A Element with rel nofollow. - */ -function wp_rel_nofollow_callback( $matches ) { +function wp_rel_callback( $matches, $rel ) { $text = $matches[1]; $atts = wp_kses_hair( $matches[1], wp_allowed_protocols() ); - $rel = 'nofollow'; if ( ! empty( $atts['href'] ) ) { if ( in_array( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) { @@ -3051,11 +3035,10 @@ function wp_rel_nofollow_callback( $matches ) { } if ( ! empty( $atts['rel'] ) ) { - $parts = array_map( 'trim', explode( ' ', $atts['rel']['value'] ) ); - if ( false === array_search( 'nofollow', $parts ) ) { - $parts[] = 'nofollow'; - } - $rel = implode( ' ', $parts ); + $parts = array_map( 'trim', explode( ' ', $atts['rel']['value'] ) ); + $rel_array = array_map( 'trim', explode( ' ', $rel ) ); + $parts = array_unique( array_merge( $parts, $rel_array ) ); + $rel = implode( ' ', $parts ); unset( $atts['rel'] ); $html = ''; @@ -3071,6 +3054,63 @@ function wp_rel_nofollow_callback( $matches ) { return "'; } +/** + * Adds `rel="nofollow"` string to all HTML A elements in content. + * + * @since 1.5.0 + * + * @param string $text Content that may contain HTML A elements. + * @return string Converted content. + */ +function wp_rel_nofollow( $text ) { + // This is a pre save filter, so text is already escaped. + $text = stripslashes( $text ); + $rel = 'nofollow'; + $text = preg_replace_callback( + '||i', + function( $matches ) use ( $rel ) { + return wp_rel_callback( $matches, $rel ); + }, + $text + ); + return wp_slash( $text ); +} + +/** + * Callback to add `rel="nofollow"` string to HTML A element. + * + * @since 2.3.0 + * @deprecated 5.3.0 Use wp_rel_callback() + * + * @param array $matches Single match. + * @return string HTML A Element with `rel="nofollow"`. + */ +function wp_rel_nofollow_callback( $matches ) { + return wp_rel_callback( $matches, 'nofollow' ); +} + +/** + * Adds `rel="nofollow ugc"` string to all HTML A elements in content. + * + * @since 5.3.0 + * + * @param string $text Content that may contain HTML A elements. + * @return string Converted content. + */ +function wp_rel_ugc( $text ) { + // This is a pre save filter, so text is already escaped. + $text = stripslashes( $text ); + $rel = 'nofollow ugc'; + $text = preg_replace_callback( + '||i', + function( $matches ) use ( $rel ) { + return wp_rel_callback( $matches, $rel ); + }, + $text + ); + return wp_slash( $text ); +} + /** * Adds rel noreferrer and noopener to all HTML A elements that have a target. * diff --git a/wp-includes/version.php b/wp-includes/version.php index 0dcaed22ff..563fdc95a3 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.3-beta1-46348'; +$wp_version = '5.3-beta1-46349'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.