Commit 18d741be37 for wordpress.org

commit 18d741be3762cf33c8ccdbcc066b6048275288a1
Author: Sergey Biryukov <sergeybiryukov.ru@gmail.com>
Date:   Mon Dec 6 11:08:01 2021 +0000

    KSES: Use the polyfilled PHP 8 string functions in `_wp_kses_allow_pdf_objects()`:

    * `str_contains()`
    * `str_ends_with()`
    * `str_starts_with()`

    Additionally, include a test for a PDF file in an `<object>` tag with an unsupported protocol.

    Follow-up to [51963], [52039], [52040], [52304], [52309].

    Props TobiasBg, ramonopoly.
    See #54261.
    Built from https://develop.svn.wordpress.org/trunk@52326


    git-svn-id: http://core.svn.wordpress.org/trunk@51918 1a063a9b-81f0-0310-95a4-ce76da25c4cd

diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 3d35eb2c20..5ad504602b 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -2593,12 +2593,12 @@ function _wp_add_global_attributes( $value ) {
  */
 function _wp_kses_allow_pdf_objects( $url ) {
 	// We're not interested in URLs that contain query strings or fragments.
-	if ( strpos( $url, '?' ) !== false || strpos( $url, '#' ) !== false ) {
+	if ( str_contains( $url, '?' ) || str_contains( $url, '#' ) ) {
 		return false;
 	}

 	// If it doesn't have a PDF extension, it's not safe.
-	if ( 0 !== substr_compare( $url, '.pdf', -4, 4, true ) ) {
+	if ( ! str_ends_with( $url, '.pdf' ) ) {
 		return false;
 	}

@@ -2607,7 +2607,10 @@ function _wp_kses_allow_pdf_objects( $url ) {
 	$parsed_url  = wp_parse_url( $upload_info['url'] );
 	$upload_host = isset( $parsed_url['host'] ) ? $parsed_url['host'] : '';
 	$upload_port = isset( $parsed_url['port'] ) ? ':' . $parsed_url['port'] : '';
-	if ( 0 === strpos( $url, "http://$upload_host$upload_port/" ) || 0 === strpos( $url, "https://$upload_host$upload_port/" ) ) {
+
+	if ( str_starts_with( $url, "http://$upload_host$upload_port/" )
+		|| str_starts_with( $url, "https://$upload_host$upload_port/" )
+	) {
 		return true;
 	}

diff --git a/wp-includes/version.php b/wp-includes/version.php
index 7e94382e0f..c430d60383 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.9-beta1-52325';
+$wp_version = '5.9-beta1-52326';

 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.