From 4171ea192b6982794eab041552c082967f9cebb5 Mon Sep 17 00:00:00 2001
From: duck_
Date: Thu, 29 Sep 2011 22:33:51 +0000
Subject: [PATCH] Introduce wp_allowed_protocols() for use in wp_kses() and esc_url(). See #18268. This allows plugins to filter the list of protocols used for esc_url() too, and helps us keep the list of protocols in sync.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/formatting.php | 4 ++--
 wp-includes/functions.php | 20 ++++++++++++++++++++
 wp-includes/kses.php | 2 +-
 3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index abdb701665..2f9bc8613f 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2299,8 +2299,8 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
 $url = str_replace( "'", ''', $url );
 }
- if ( !is_array($protocols) )
- $protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn');
+ if ( ! is_array( $protocols ) )
+ $protocols = wp_allowed_protocols();
 if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
 return '';
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index dc9a66157d..bc14a239c0 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
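Review bot: In the new default branch of esc_url(), `$protocols = wp_allowed_protocols();` makes every call without an explicit list depend on the `kses_allowed_protocols` filter, so a callback a plugin wrote to admit an extra scheme in filtered post content now also widens URL escaping wherever esc_url() is used with its default. The commit message says this is intended, but the function's docblock (outside this hunk) should state it; I would add `Defaults to the return value of wp_allowed_protocols(), which plugins can change through the 'kses_allowed_protocols' filter.` to the `$protocols` parameter description. Callers that need a fixed allowlist should pass it explicitly rather than rely on the default. esc_url() begins and ends outside the hunk.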
@@ -4610,4 +4610,24 @@ function send_frame_options_header() {
 @header( 'X-Frame-Options: SAMEORIGIN' );
 }
+/**
+ * Retrieve a list of protocols to allow in HTML attributes.
+ *
+ * @since 3.3.0
+ * @see wp_kses()
+ * @see esc_url()
+ *
+ * @return array Array of allowed protocols
+ */
+function wp_allowed_protocols() {
+ static $protocols;
+
+ if ( empty( $protocols ) ) {
+ $protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' );
+ $protocols = apply_filters( 'kses_allowed_protocols', $protocols );
+ }
+
+ return $protocols;
+}
+
 ?>
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 3a4da1e392..1e0ee13679 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -500,7 +500,7 @@ if ( ! CUSTOM_TAGS ) {
 * @return string Filtered content with only allowed HTML elements
 */
 function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {
- $allowed_protocols = wp_parse_args( $allowed_protocols, apply_filters('kses_allowed_protocols', array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn') ));
+ $allowed_protocols = wp_parse_args( $allowed_protocols, wp_allowed_protocols() );
 $string = wp_kses_no_null($string);
 $string = wp_kses_js_entities($string);
 $string = wp_kses_normalize_entities($string);
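Review bot: The `static $protocols` cache in wp_allowed_protocols() runs `apply_filters( 'kses_allowed_protocols', $protocols )` only on the first call, so a callback added or removed after an early esc_url() or wp_kses() call is silently ignored for the rest of the request; the line this commit removes from wp_kses() applied the filter on every call. The docblock should state that the list is computed once per request and is now shared by esc_url() and wp_kses(). The filter's return value is also used unchecked, and `$protocols = (array) apply_filters( 'kses_allowed_protocols', $protocols );` would keep a callback that returns a non-array from reaching wp_kses_bad_protocol().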
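Review bot: `wp_parse_args( $allowed_protocols, wp_allowed_protocols() )` still merges the caller's list with the defaults instead of replacing them. If wp_parse_args() combines the two with array_merge() (it is not shown in this diff), a numerically indexed list such as `array( 'http', 'https' )` is appended to the defaults, so a caller cannot narrow the allowlist. esc_url() in this same commit substitutes the default only when no array is passed, and wp_kses() could do the equivalent with `if ( empty( $allowed_protocols ) ) $allowed_protocols = wp_allowed_protocols();`. The body of wp_kses() continues past the end of the hunk.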