From 491a682bc4a93a89d062498b5d04bd14d9aa26e0 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Wed, 4 Sep 2019 17:41:50 +0000 Subject: [PATCH] Improve handling the existing `rel` attribute in `wp_rel_nofollow_callback()`. Merges [45990] to the 5.1 branch. Props xknown, sstoqnov. Built from https://develop.svn.wordpress.org/branches/5.1@45992 git-svn-id: http://core.svn.wordpress.org/branches/5.1@45803 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/formatting.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 835862c77f..d11700779b 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -3001,19 +3001,19 @@ function wp_rel_nofollow( $text ) { */ function wp_rel_nofollow_callback( $matches ) { $text = $matches[1]; - $atts = shortcode_parse_atts( $matches[1] ); + $atts = wp_kses_hair( $matches[1], wp_allowed_protocols() ); $rel = 'nofollow'; if ( ! empty( $atts['href'] ) ) { - if ( in_array( strtolower( wp_parse_url( $atts['href'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) { - if ( strtolower( wp_parse_url( $atts['href'], PHP_URL_HOST ) ) === strtolower( wp_parse_url( home_url(), PHP_URL_HOST ) ) ) { + if ( in_array( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) { + if ( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_HOST ) ) === strtolower( wp_parse_url( home_url(), PHP_URL_HOST ) ) ) { return ""; } } } if ( ! empty( $atts['rel'] ) ) { - $parts = array_map( 'trim', explode( ' ', $atts['rel'] ) ); + $parts = array_map( 'trim', explode( ' ', $atts['rel']['value'] ) ); if ( false === array_search( 'nofollow', $parts ) ) { $parts[] = 'nofollow'; } @@ -3022,7 +3022,11 @@ function wp_rel_nofollow_callback( $matches ) { $html = ''; foreach ( $atts as $name => $value ) { - $html .= "{$name}=\"" . esc_attr( $value ) . '" '; + if ( isset( $value['vless'] ) && 'y' === $value['vless'] ) { + $html .= $name . ' '; + } else { + $html .= "{$name}=\"" . esc_attr( $value['value'] ) . '" '; + } } $text = trim( $html ); }