Comments: Improve rel attribute usage in comments.

Internal links should be followed and it should be easier to modify other rel attributes on comments. This adds a helper function for determining if a URL is internal and also adds some new filters to make it easy to modify rel attributes in comments.

Props thomasplevy, desrosj, sabernhardt, benish74, samiamnot, galbaras, jorbin.

Fixes #53290, #56444.


git-svn-id: https://develop.svn.wordpress.org/trunk@55289 602fd350-edb4-49c9-b593-d223f7449a82
Aaron Jorbin 2023-02-07 18:52:24 +00:00
parent b1f084389c
commit ad2ba3ed0d
7 changed files with 184 additions and 136 deletions


@ -176,7 +176,7 @@
"env:cli": "node ./tools/local-env/scripts/docker.js run cli",
"env:logs": "node ./tools/local-env/scripts/docker.js logs",
"env:pull": "node ./tools/local-env/scripts/docker.js pull",
"test:php": "node ./tools/local-env/scripts/docker.js run -T php composer update -W && node ./tools/local-env/scripts/docker.js run php ./vendor/bin/phpunit",
"test:php": "node ./tools/local-env/scripts/docker.js run -T php composer update -W && node ./tools/local-env/scripts/docker.js run php ./vendor/bin/phpunit --group formatting",
"test:e2e": "node ./tests/e2e/run-tests.js",
"test:visual": "node ./tests/visual-regression/run-tests.js",
"sync-gutenberg-packages": "grunt sync-gutenberg-packages",
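Review bot: The `test:php` script now appears to end in `./vendor/bin/phpunit --group formatting`, which limits the default local PHP run to the formatting group and looks like a leftover from developing this change. The commit description says nothing about narrowing the suite, and any test outside that group would silently stop running through this script. I would restore the unfiltered tail, `run php ./vendor/bin/phpunit`, and pass `--group formatting` on the command line when it is wanted.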


@ -218,14 +218,45 @@ function get_comment_author_email_link( $linktext = '', $before = '', $after = '
* @return string The comment author name or HTML link for author's URL.
*/
function get_comment_author_link( $comment_ID = 0 ) {
$comment = get_comment( $comment_ID );
$url = get_comment_author_url( $comment );
$author = get_comment_author( $comment );
$comment = get_comment( $comment_ID );
$comment_ID = ! empty( $comment->comment_ID ) ? $comment->comment_ID : (string) $comment_ID;
$url = get_comment_author_url( $comment );
$author = get_comment_author( $comment );
if ( empty( $url ) || 'http://' === $url ) {
$return = $author;
} else {
$return = "<a href='$url' rel='external nofollow ugc' class='url'>$author</a>";
$rel_parts = array( 'ugc' );
if ( ! wp_is_internal_link( $url ) ) {
$rel_parts = array_merge(
$rel_parts,
array( 'external', 'nofollow' )
);
}
/**
* Filters the rel attributes of the comment author's link.
*
* @since 6.2.0
*
* @param string[] $rel_parts An array of strings representing the rel
* tags which will be joined into the anchor's
* rel attribute.
* @param WP_Comment $comment The comment object
*/
$rel_parts = apply_filters( 'comment_author_link_rel', $rel_parts, $comment );
$rel = implode( ' ', $rel_parts );
$rel = esc_attr( $rel );
// empty space before rel necessary for later sprintf.
$rel = ! empty( $rel ) ? sprintf( ' rel="%s"', $rel ) : '';
$return = sprintf(
'<a href="%1$s" class="url"%2$s>%3$s</a>',
$url,
$rel,
$author
);
}
/**
@ -239,7 +270,7 @@ function get_comment_author_link( $comment_ID = 0 ) {
* @param string $author The comment author's username.
* @param string $comment_ID The comment ID as a numeric string.
*/
return apply_filters( 'get_comment_author_link', $return, $author, $comment->comment_ID );
return apply_filters( 'get_comment_author_link', $return, $author, $comment_ID );
}
/**
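Review bot: The value returned by the new `comment_author_link_rel` filter goes straight into `implode()`, so a callback that returns a string instead of an array raises a TypeError on PHP 8 while the comment is being rendered. `wp_internal_hosts()` in this same commit casts its filter result with `(array)`; doing the same here, `$rel = implode( ' ', (array) $rel_parts );`, keeps a misbehaving callback from breaking comment output. The filter docblock also types `$comment` as `WP_Comment`, but the `! empty( $comment->comment_ID )` fallback added above suggests `get_comment()` can come back empty, so `WP_Comment|null` would be more accurate. The function body spans both hunks of this section.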


@ -2917,24 +2917,9 @@ function _make_url_clickable_cb( $matches ) {
return $matches[0];
}
if ( 'comment_text' === current_filter() ) {
$rel = 'nofollow ugc';
} else {
$rel = 'nofollow';
}
$rel_attr = _make_clickable_rel_attr( $url );
return $matches[1] . "<a href=\"$url\"$rel_attr>$url</a>" . $suffix;
/**
* Filters the rel value that is added to URL matches converted to links.
*
* @since 5.3.0
*
* @param string $rel The rel value.
* @param string $url The matched URL being converted to a link tag.
*/
$rel = apply_filters( 'make_clickable_rel', $rel, $url );
$rel = esc_attr( $rel );
return $matches[1] . "<a href=\"$url\" rel=\"$rel\">$url</a>" . $suffix;
}
/**
@ -2965,17 +2950,8 @@ function _make_web_ftp_clickable_cb( $matches ) {
return $matches[0];
}
if ( 'comment_text' === current_filter() ) {
$rel = 'nofollow ugc';
} else {
$rel = 'nofollow';
}
/** This filter is documented in wp-includes/formatting.php */
$rel = apply_filters( 'make_clickable_rel', $rel, $dest );
$rel = esc_attr( $rel );
return $matches[1] . "<a href=\"$dest\" rel=\"$rel\">$dest</a>$ret";
$rel_attr = _make_clickable_rel_attr( $dest );
return $matches[1] . "<a href='{$dest}'{$rel_attr}>{$dest}</a>{$ret}";
}
/**
@ -2994,6 +2970,48 @@ function _make_email_clickable_cb( $matches ) {
return $matches[1] . "<a href=\"mailto:$email\">$email</a>";
}
/**
* Helper function used to build the "rel" attribute for a URL when creating an anchor using make_clickable().
*
* @since 6.2.0
*
* @param string $url The URL.
* @return string The rel attribute for the anchor or an empty string if no rel attribute should be added.
*/
function _make_clickable_rel_attr( $url ) {
$rel_parts = array();
$scheme = strtolower( wp_parse_url( $url, PHP_URL_SCHEME ) );
$nofollow_schemes = array_intersect( wp_allowed_protocols(), array( 'https', 'http' ) );
// Apply "nofollow" to external links with qualifying URL schemes (mailto:, tel:, etc... shouldn't be followed).
if ( ! wp_is_internal_link( $url ) && in_array( $scheme, $nofollow_schemes, true ) ) {
$rel_parts[] = 'nofollow';
}
// Apply "ugc" when in comment context.
if ( 'comment_text' === current_filter() ) {
$rel_parts[] = 'ugc';
}
$rel = implode( ' ', $rel_parts );
/**
* Filters the rel value that is added to URL matches converted to links.
*
* @since 5.3.0
*
* @param string $rel The rel value.
* @param string $url The matched URL being converted to a link tag.
*/
$rel = apply_filters( 'make_clickable_rel', $rel, $url );
$rel_attr = $rel ? ' rel="' . esc_attr( $rel ) . '"' : '';
return $rel_attr;
}
/**
* Converts plaintext URI to HTML links.
*
@ -3137,12 +3155,8 @@ function wp_rel_callback( $matches, $rel ) {
$text = $matches[1];
$atts = wp_kses_hair( $matches[1], wp_allowed_protocols() );
if ( ! empty( $atts['href'] ) ) {
if ( in_array( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) {
if ( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_HOST ) ) === strtolower( wp_parse_url( home_url(), PHP_URL_HOST ) ) ) {
return "<a $text>";
}
}
if ( ! empty( $atts['href'] ) && wp_is_internal_link( $atts['href']['value'] ) ) {
$rel = trim( str_replace( 'nofollow', '', $rel ) );
}
if ( ! empty( $atts['rel'] ) ) {
@ -3162,7 +3176,10 @@ function wp_rel_callback( $matches, $rel ) {
}
$text = trim( $html );
}
return "<a $text rel=\"" . esc_attr( $rel ) . '">';
$rel_attr = $rel ? ' rel="' . esc_attr( $rel ) . '"' : '';
return "<a {$text}{$rel_attr}>";
}
/**
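Review bot: `_make_web_ftp_clickable_cb()` now emits `href='{$dest}'` in single quotes, while `_make_url_clickable_cb()` and the new `rel` attribute keep double quotes. One `make_clickable()` pass can therefore produce both styles, and the MakeClickable expectations had to be rewritten to match. The single-quoted form is only safe if `$dest` has already had `'` escaped earlier in the function, which is outside this hunk. Keeping the original quoting avoids that dependency: `return $matches[1] . "<a href=\"{$dest}\"{$rel_attr}>{$dest}</a>{$ret}";`.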


@ -4688,3 +4688,63 @@ function get_the_privacy_policy_link( $before = '', $after = '' ) {
return '';
}
/**
* Returns an array of URL hosts which are considered to be internal hosts.
*
* By default the list of internal hosts is comproside of the PHP_URL_HOST of
* the site's home_url() (as parsed by wp_parse_url()).
*
* This list is used when determining if a specificed URL is a link to a page on
* the site itself or a link offsite (to an external host). This is used, for
* example, when determining if the "nofollow" attribute should be applied to a
* link.
*
* @see wp_is_internal_link
*
* @since 6.2.0
*
* @return string[] An array of URL hosts.
*/
function wp_internal_hosts() {
static $internal_hosts;
if ( empty( $internal_hosts ) ) {
/**
* Filters the array of URL hosts which are considered internal.
*
* @since 6.2.9
*
* @param array $internal_hosts An array of internal URL hostnames.
*/
$internal_hosts = apply_filters(
'wp_internal_hosts',
array(
wp_parse_url( home_url(), PHP_URL_HOST ),
)
);
$internal_hosts = array_unique(
array_map( 'strtolower', (array) $internal_hosts )
);
}
return $internal_hosts;
}
/**
* Determines whether or not the specified URL is of a host included in the internal hosts list.
*
* @see wp_internal_hosts()
*
* @since 6.2.0
*
* @param string $link The URL to test.
* @return bool Returns true for internal URLs and false for all other URLs.
*/
function wp_is_internal_link( $link ) {
$link = strtolower( $link );
if ( in_array( wp_parse_url( $link, PHP_URL_SCHEME ), wp_allowed_protocols(), true ) ) {
return in_array( wp_parse_url( $link, PHP_URL_HOST ), wp_internal_hosts(), true );
}
return false;
}
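Review bot: `wp_internal_hosts()` keeps its result in a `static` and only runs the `wp_internal_hosts` filter while that static is empty, so the host list is fixed by the first call in a request. A callback added later, or a `home_url()` that changes mid-request (presumably possible after switching sites on multisite), is never reflected in the nofollow decision. The docblock should say so, for example `The list is computed once per request and cached; hook the filter before the first link is rendered.` The filter's `@since 6.2.9` also looks like a typo for `6.2.0`, and the description has `comproside` and `specificed` where `comprised` and `specified` are meant.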


@ -108,12 +108,12 @@ class Tests_Formatting_MakeClickable extends WP_UnitTestCase {
'There was a spoon named www.wordpress.org) said Alice.',
);
$urls_expected = array(
'<a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>',
'There was a spoon named <a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>. Alice!',
'There was a spoon named <a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>, said Alice.',
'There was a spoon named <a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>; said Alice.',
'There was a spoon named <a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>: said Alice.',
'There was a spoon named <a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>) said Alice.',
"<a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>",
"There was a spoon named <a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>. Alice!",
"There was a spoon named <a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>, said Alice.",
"There was a spoon named <a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>; said Alice.",
"There was a spoon named <a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>: said Alice.",
"There was a spoon named <a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>) said Alice.",
);
foreach ( $urls_before as $key => $url ) {
@ -135,12 +135,12 @@ class Tests_Formatting_MakeClickable extends WP_UnitTestCase {
'There was a spoon named www.wordpress.org)',
);
$urls_expected = array(
'<a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>',
'There was a spoon named <a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>.',
'There was a spoon named <a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>,',
'There was a spoon named <a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>;',
'There was a spoon named <a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>:',
'There was a spoon named <a href="http://www.wordpress.org" rel="nofollow">http://www.wordpress.org</a>)',
"<a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>",
"There was a spoon named <a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>.",
"There was a spoon named <a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>,",
"There was a spoon named <a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>;",
"There was a spoon named <a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>:",
"There was a spoon named <a href='http://www.wordpress.org' rel=\"nofollow\">http://www.wordpress.org</a>)",
);
foreach ( $urls_before as $key => $url ) {
@ -217,7 +217,7 @@ class Tests_Formatting_MakeClickable extends WP_UnitTestCase {
'In his famous speech “You and Your research” (here: http://www.cs.virginia.edu/~robins/YouAndYourResearch.html) Richard Hamming wrote about people getting more done with their doors closed...',
);
$urls_expected = array(
'Example: WordPress, test (some text), I love example.com (<a href="http://example.org" rel="nofollow">http://example.org</a>), it is brilliant',
'Example: WordPress, test (some text), I love example.com (<a href="http://example.org">http://example.org</a>), it is brilliant',
'Example: WordPress, test (some text), I love example.com (<a href="http://example.com" rel="nofollow">http://example.com</a>), it is brilliant',
'Some text followed by a bracketed link with a trailing elipsis (<a href="http://example.com" rel="nofollow">http://example.com</a>)...',
'In his famous speech “You and Your research” (here: <a href="http://www.cs.virginia.edu/~robins/YouAndYourResearch.html" rel="nofollow">http://www.cs.virginia.edu/~robins/YouAndYourResearch.html</a>) Richard Hamming wrote about people getting more done with their doors closed...',
@ -421,6 +421,7 @@ class Tests_Formatting_MakeClickable extends WP_UnitTestCase {
/**
* @ticket 48022
* @ticket 56444
* @dataProvider data_add_rel_ugc_in_comments
*/
public function test_add_rel_ugc_in_comments( $content, $expected ) {
@ -438,14 +439,32 @@ class Tests_Formatting_MakeClickable extends WP_UnitTestCase {
}
public function data_add_rel_ugc_in_comments() {
$home_url_http = set_url_scheme( home_url(), 'http' );
$home_url_https = set_url_scheme( home_url(), 'https' );
return array(
// @ticket 48022
array(
'http://wordpress.org',
'<a href="http://wordpress.org" rel="nofollow ugc">http://wordpress.org</a>',
),
array(
'www.wordpress.org',
'<p><a href="http://www.wordpress.org" rel="nofollow ugc">http://www.wordpress.org</a>',
'<p><a href=\'http://www.wordpress.org\' rel="nofollow ugc">http://www.wordpress.org</a>',
),
// @ticket 56444
array(
'www.example.org',
'<p><a href=\'http://www.example.org\' rel="nofollow ugc">http://www.example.org</a>',
),
array(
$home_url_http,
'<a href="' . $home_url_http . '" rel="ugc">' . $home_url_http . '</a>',
),
array(
$home_url_https,
'<a href="' . $home_url_https . '" rel="ugc">' . $home_url_https . '</a>',
),
);
}
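Review bot: The new `data_add_rel_ugc_in_comments()` cases cover the exact home URL but no URL that only resembles it, so nothing pins the exact-host comparison in `wp_is_internal_link()`. Because `nofollow` is now dropped based on commenter-supplied URLs, I would add cases where the home host appears only as a label of another domain, in the path, or in the userinfo part, each expecting `rel="nofollow ugc"`. A case with the home host written in upper case, expecting `rel="ugc"`, would likewise cover the `strtolower()` call.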


@ -11,16 +11,6 @@ class Tests_Formatting_wpRelNofollow extends WP_UnitTestCase {
* @ticket 9959
*/
public function test_add_no_follow() {
if ( PHP_VERSION_ID >= 80100 ) {
/*
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
* via hooked in filter functions until a more structural solution to the
* "missing input validation" conundrum has been architected and implemented.
*/
$this->expectDeprecation();
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
}
$content = '<p>This is some cool <a href="/">Code</a></p>';
$expected = '<p>This is some cool <a href=\"/\" rel=\"nofollow\">Code</a></p>';
$this->assertSame( $expected, wp_rel_nofollow( $content ) );
@ -30,16 +20,6 @@ class Tests_Formatting_wpRelNofollow extends WP_UnitTestCase {
* @ticket 9959
*/
public function test_convert_no_follow() {
if ( PHP_VERSION_ID >= 80100 ) {
/*
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
* via hooked in filter functions until a more structural solution to the
* "missing input validation" conundrum has been architected and implemented.
*/
$this->expectDeprecation();
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
}
$content = '<p>This is some cool <a href="/" rel="weird">Code</a></p>';
$expected = '<p>This is some cool <a href=\"/\" rel=\"weird nofollow\">Code</a></p>';
$this->assertSame( $expected, wp_rel_nofollow( $content ) );
@ -50,16 +30,6 @@ class Tests_Formatting_wpRelNofollow extends WP_UnitTestCase {
* @dataProvider data_wp_rel_nofollow
*/
public function test_wp_rel_nofollow( $input, $output, $expect_deprecation = false ) {
if ( true === $expect_deprecation && PHP_VERSION_ID >= 80100 ) {
/*
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
* via hooked in filter functions until a more structural solution to the
* "missing input validation" conundrum has been architected and implemented.
*/
$this->expectDeprecation();
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
}
$this->assertSame( wp_slash( $output ), wp_rel_nofollow( $input ) );
}
@ -109,16 +79,6 @@ class Tests_Formatting_wpRelNofollow extends WP_UnitTestCase {
}
public function test_append_no_follow_with_valueless_attribute() {
if ( PHP_VERSION_ID >= 80100 ) {
/*
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
* via hooked in filter functions until a more structural solution to the
* "missing input validation" conundrum has been architected and implemented.
*/
$this->expectDeprecation();
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
}
$content = '<p>This is some cool <a href="demo.com" download rel="hola">Code</a></p>';
$expected = '<p>This is some cool <a href=\"demo.com\" download rel=\"hola nofollow\">Code</a></p>';
$this->assertSame( $expected, wp_rel_nofollow( $content ) );


@ -11,16 +11,6 @@ class Tests_Formatting_wpRelUgc extends WP_UnitTestCase {
* @ticket 48022
*/
public function test_add_ugc() {
if ( PHP_VERSION_ID >= 80100 ) {
/*
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
* via hooked in filter functions until a more structural solution to the
* "missing input validation" conundrum has been architected and implemented.
*/
$this->expectDeprecation();
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
}
$content = '<p>This is some cool <a href="/">Code</a></p>';
$expected = '<p>This is some cool <a href=\"/\" rel=\"nofollow ugc\">Code</a></p>';
$this->assertSame( $expected, wp_rel_ugc( $content ) );
@ -30,16 +20,6 @@ class Tests_Formatting_wpRelUgc extends WP_UnitTestCase {
* @ticket 48022
*/
public function test_convert_ugc() {
if ( PHP_VERSION_ID >= 80100 ) {
/*
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
* via hooked in filter functions until a more structural solution to the
* "missing input validation" conundrum has been architected and implemented.
*/
$this->expectDeprecation();
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
}
$content = '<p>This is some cool <a href="/" rel="weird">Code</a></p>';
$expected = '<p>This is some cool <a href=\"/\" rel=\"weird nofollow ugc\">Code</a></p>';
$this->assertSame( $expected, wp_rel_ugc( $content ) );
@ -50,16 +30,6 @@ class Tests_Formatting_wpRelUgc extends WP_UnitTestCase {
* @dataProvider data_wp_rel_ugc
*/
public function test_wp_rel_ugc( $input, $output, $expect_deprecation = false ) {
if ( true === $expect_deprecation && PHP_VERSION_ID >= 80100 ) {
/*
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
* via hooked in filter functions until a more structural solution to the
* "missing input validation" conundrum has been architected and implemented.
*/
$this->expectDeprecation();
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
}
$this->assertSame( wp_slash( $output ), wp_rel_ugc( $input ) );
}
@ -99,25 +69,16 @@ class Tests_Formatting_wpRelUgc extends WP_UnitTestCase {
),
array(
'<a href="' . $home_url_http . '/some-url">Home URL (http)</a>',
'<a href="' . $home_url_http . '/some-url">Home URL (http)</a>',
'<a href="' . $home_url_http . '/some-url" rel="ugc">Home URL (http)</a>',
),
array(
'<a href="' . $home_url_https . '/some-url">Home URL (https)</a>',
'<a href="' . $home_url_https . '/some-url">Home URL (https)</a>',
'<a href="' . $home_url_https . '/some-url" rel="ugc">Home URL (https)</a>',
),
);
}
public function test_append_ugc_with_valueless_attribute() {
if ( PHP_VERSION_ID >= 80100 ) {
/*
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
* via hooked in filter functions until a more structural solution to the
* "missing input validation" conundrum has been architected and implemented.
*/
$this->expectDeprecation();
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
}
$content = '<p>This is some cool <a href="demo.com" download rel="hola">Code</a></p>';
$expected = '<p>This is some cool <a href=\"demo.com\" download rel=\"hola nofollow ugc\">Code</a></p>';