From aae9afe5aa616d371e3ed34517f2f7909ab41f2b Mon Sep 17 00:00:00 2001
From: Pascal Birchler <swissspidy@git.wordpress.org>
Date: Wed, 30 Dec 2015 23:19:11 +0000
Subject: [PATCH] Comments: Don't nofollow links within the site.

Fixes #11360.

git-svn-id: https://develop.svn.wordpress.org/trunk@36125 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/formatting.php                |  9 +++-
 .../tests/formatting/WPRelNoFollow.php        | 54 ++++++++++++++++++-
 2 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
index ac28d347f0..0ad1b5d583 100644
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -2336,7 +2336,14 @@ function wp_rel_nofollow( $text ) {
 function wp_rel_nofollow_callback( $matches ) {
 	$text = $matches[1];
 	$atts = shortcode_parse_atts( $matches[1] );
-	$rel = 'nofollow';
+	$rel  = 'nofollow';
+
+	if ( preg_match( '%href=["\'](' . preg_quote( set_url_scheme( home_url(), 'http' ) ) . ')%i', $text ) ||
+	     preg_match( '%href=["\'](' . preg_quote( set_url_scheme( home_url(), 'https' ) ) . ')%i', $text )
+	) {
+		return "<a $text>";
+	}
+
 	if ( ! empty( $atts['rel'] ) ) {
 		$parts = array_map( 'trim', explode( ' ', $atts['rel'] ) );
 		if ( false === array_search( 'nofollow', $parts ) ) {
diff --git a/tests/phpunit/tests/formatting/WPRelNoFollow.php b/tests/phpunit/tests/formatting/WPRelNoFollow.php
index 821bb936a1..bd13a83b5e 100644
--- a/tests/phpunit/tests/formatting/WPRelNoFollow.php
+++ b/tests/phpunit/tests/formatting/WPRelNoFollow.php
@@ -22,4 +22,56 @@ class Tests_Rel_No_Follow extends WP_UnitTestCase {
 		$expected = '<p>This is some cool <a href=\"/\" rel=\"weird nofollow\">Code</a></p>';
 		$this->assertEquals( $expected, wp_rel_nofollow( $content ) );
 	}
-}
\ No newline at end of file
+
+	/**
+	 * @ticket 11360
+	 * @dataProvider data_wp_rel_nofollow
+	 */
+	public function test_wp_rel_nofollow( $input, $output ) {
+		return $this->assertEquals( wp_slash( $output ), wp_rel_nofollow( $input ) );
+	}
+
+	public function data_wp_rel_nofollow() {
+		$home_url_http  = set_url_scheme( home_url(), 'http' );
+		$home_url_https = set_url_scheme( home_url(), 'https' );
+
+		return array(
+			array(
+				'<a href="">Double Quotes</a>',
+				'<a href="" rel="nofollow">Double Quotes</a>',
+			),
+			array(
+				'<a href="https://wordpress.org">Double Quotes</a>',
+				'<a href="https://wordpress.org" rel="nofollow">Double Quotes</a>',
+			),
+			array(
+				"<a href='https://wordpress.org'>Single Quotes</a>",
+				"<a href='https://wordpress.org' rel=\"nofollow\">Single Quotes</a>",
+			),
+			array(
+				'<a href="https://wordpress.org" title="Title">Multiple attributes</a>',
+				'<a href="https://wordpress.org" title="Title" rel="nofollow">Multiple attributes</a>',
+			),
+			array(
+				'<a title="Title" href="https://wordpress.org">Multiple attributes</a>',
+				'<a title="Title" href="https://wordpress.org" rel="nofollow">Multiple attributes</a>',
+			),
+			array(
+				'<a data-someflag href="https://wordpress.org">Multiple attributes</a>',
+				'<a data-someflag href="https://wordpress.org" rel="nofollow">Multiple attributes</a>',
+			),
+			array(
+				'<a  data-someflag  title="Title"  href="https://wordpress.org" onclick=""  >Everything at once</a>',
+				'<a  data-someflag  title="Title"  href="https://wordpress.org" onclick=""   rel="nofollow">Everything at once</a>',
+			),
+			array(
+				'<a href="' . $home_url_http . '/some-url">Home URL (http)</a>',
+				'<a href="' . $home_url_http . '/some-url">Home URL (http)</a>',
+			),
+			array(
+				'<a href="' . $home_url_https . '/some-url">Home URL (https)</a>',
+				'<a href="' . $home_url_https . '/some-url">Home URL (https)</a>',
+			),
+		);
+	}
+}