Opened 17 months ago
Closed 13 months ago
#19665 closed defect (bug) (fixed)
Plugin installer beaks https URLs
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | 3.4 |
| Component: | Upgrade/Install | Version: | 3.3 |
| Severity: | normal | Keywords: | has-patch |
| Cc: |
Description
From plugin installer search for plugin which has https link(s) in its readme.txt (e.g. AntiVirus). When you show details for such plugin, all https links will be broken - they will be prefixed by link to plugin's page in repository. I am not sure if API returns such links, or this prefix is added on WP side.
These link(s) are displayed correctly on wordpress.org plugin's page.
Attachments (3)
Change History (8)
SergeyBiryukov — 17 months ago
comment:1
SergeyBiryukov — 17 months ago
- Keywords has-patch added; needs-patch removed
- Milestone changed from Awaiting Review to 3.4
19665.2.diff doesn't prepend anything that starts with a protocol like string (e.g. mailto:, irc:, svn:) and ensures that the URL actually begins with said protocol rather than just appearing somewhere in it.
@duck_: mailto protocol does not use slashes - e.g. mailto:someone@somewhere.com. So your path should look for ":" after word only.
SergeyBiryukov — 16 months ago
comment:4
SergeyBiryukov — 16 months ago
19665.3.patch uses wp_allowed_protocols() for additional validation.
Links in plugin descriptions go through links_add_base_url().
The problem is that _links_add_base() only checks for http:
http://core.trac.wordpress.org/browser/tags/3.3/wp-includes/formatting.php#L2815