_wp_kses_allow_pdf_objects()
Helper function to check if this is a safe PDF URL.
Internal function — this function is designed to be used by the kernel itself. It is not recommended to use this function in your code.
No Hooks.
Return
true|false. True if the URL is safe, false otherwise.
Usage
_wp_kses_allow_pdf_objects( $url );
- $url(string) (required)
- The URL to check.
Changelog
| Since 5.9.0 | Introduced. |
_wp_kses_allow_pdf_objects() wp kses allow pdf objects code WP 6.7.1
function _wp_kses_allow_pdf_objects( $url ) {
// We're not interested in URLs that contain query strings or fragments.
if ( str_contains( $url, '?' ) || str_contains( $url, '#' ) ) {
return false;
}
// If it doesn't have a PDF extension, it's not safe.
if ( ! str_ends_with( $url, '.pdf' ) ) {
return false;
}
// If the URL host matches the current site's media URL, it's safe.
$upload_info = wp_upload_dir( null, false );
$parsed_url = wp_parse_url( $upload_info['url'] );
$upload_host = isset( $parsed_url['host'] ) ? $parsed_url['host'] : '';
$upload_port = isset( $parsed_url['port'] ) ? ':' . $parsed_url['port'] : '';
if ( str_starts_with( $url, "http://$upload_host$upload_port/" )
|| str_starts_with( $url, "https://$upload_host$upload_port/" )
) {
return true;
}
return false;
}