Ticket #16859: 16859.diff
| File 16859.diff, 7.3 KB (added by , 10 years ago) |
|---|
-
src/wp-includes/formatting.php
2077 2077 $ret = ''; 2078 2078 $dest = $matches[2]; 2079 2079 $dest = 'http://' . $dest; 2080 $dest = esc_url($dest);2081 if ( empty($dest) )2082 return $matches[0];2083 2080 2084 2081 // removed trailing [.,;:)] from URL 2085 2082 if ( in_array( substr($dest, -1), array('.', ',', ';', ':', ')') ) === true ) { 2086 2083 $ret = substr($dest, -1); 2087 2084 $dest = substr($dest, 0, strlen($dest)-1); 2088 2085 } 2086 2087 $dest = esc_url($dest); 2088 if ( empty($dest) ) 2089 return $matches[0]; 2090 2089 2091 return $matches[1] . "<a href=\"$dest\" rel=\"nofollow\">$dest</a>$ret"; 2090 2092 } 2091 2093 … … 3278 3280 * (the default behaviour) ampersands are also replaced. The 'clean_url' filter 3279 3281 * is applied to the returned cleaned URL. 3280 3282 * 3283 * See RFC3986 3284 * 3281 3285 * @since 2.8.0 3282 3286 * 3283 3287 * @param string $url The URL to be cleaned. … … 3293 3297 return $url; 3294 3298 3295 3299 $url = str_replace( ' ', '%20', $url ); 3296 $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\ \x80-\\xff]|i', '', $url);3300 $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', $url); 3297 3301 3298 3302 if ( '' === $url ) { 3299 3303 return $url; … … 3306 3310 3307 3311 $url = str_replace(';//', '://', $url); 3308 3312 /* If the URL doesn't appear to contain a scheme, we 3309 * presume it needs http:// appended (unless a relative3313 * presume it needs http:// prepended (unless a relative 3310 3314 * link starting with /, # or ? or a php file). 3311 3315 */ 3312 3316 if ( strpos($url, ':') === false && ! in_array( $url[0], array( '/', '#', '?' ) ) && … … 3320 3324 $url = str_replace( "'", ''', $url ); 3321 3325 } 3322 3326 3327 if ( ( false !== strpos( $url, '[' ) ) || ( false !== strpos( $url, ']' ) ) ) { 3328 3329 $parsed = parse_url( $url ); 3330 $front = ''; 3331 3332 if ( isset( $parsed['scheme'] ) ) { 3333 $front .= $parsed['scheme'] . 
'://'; 3334 } elseif ( '/' === $url[0] ) { 3335 $front .= '//'; 3336 } 3337 3338 if ( isset( $parsed['user'] ) ) { 3339 $front .= $parsed['user']; 3340 } 3341 3342 if ( isset( $parsed['pass'] ) ) { 3343 $front .= ':' . $parsed['pass']; 3344 } 3345 3346 if ( isset( $parsed['user'] ) || isset( $parsed['pass'] ) ) { 3347 $front .= '@'; 3348 } 3349 3350 if ( isset( $parsed['host'] ) ) { 3351 $front .= $parsed['host']; 3352 } 3353 3354 if ( isset( $parsed['port'] ) ) { 3355 $front .= ':' . $parsed['port']; 3356 } 3357 3358 $end_dirty = str_replace( $front, '', $url ); 3359 $end_clean = str_replace( array( '[', ']' ), array( '%5B', '%5D' ), $end_dirty ); 3360 $url = str_replace( $end_dirty, $end_clean, $url ); 3361 3362 } 3363 3323 3364 if ( '/' === $url[0] ) { 3324 3365 $good_protocol_url = $url; 3325 3366 } else { -
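Review bot: In the new bracket-handling block of esc_url(), `$end_dirty = str_replace( $front, '', $url );` strips every occurrence of the rebuilt prefix rather than only the leading one, and the later `str_replace( $end_dirty, $end_clean, $url )` is likewise an unanchored substring match. When the prefix text recurs later in the URL (a same-host URL carried in a query parameter, say), `$end_dirty` is no longer a substring of `$url`, so the brackets are left unencoded without any error. Anchor the split by length instead: `$keep = ( 0 === strncmp( $url, $front, strlen( $front ) ) ) ? strlen( $front ) : 0;` followed by `$url = substr( $url, 0, $keep ) . str_replace( array( '[', ']' ), array( '%5B', '%5D' ), (string) substr( $url, $keep ) );`. Separately, whatever parse_url() reports as user, pass or host keeps its brackets unchecked now that the character filter lets `[` and `]` through, so the host should be confirmed to be an IPv6 literal (for example with `filter_var( trim( $parsed['host'], '[]' ), FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 )`) before it is exempted from encoding. The enclosing function starts and ends outside the hunk.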
tests/phpunit/tests/formatting/EscUrl.php
40 40 } 41 41 42 42 function test_all_url_parts() { 43 $url = 'https://user:password@host.example.com:1234/path;p=1?q=2&r=3#fragment'; 44 $this->assertEquals( $url, esc_url_raw( $url ) ); 45 46 $this->assertEquals( 'https://user:password@host.example.com:1234/path;p=1?q=2&r=3#fragment', esc_url( $url ) ); 43 $url = 'https://user:pass@host.example.com:1234/path;p=1?query=2&r[]=3#fragment'; 47 44 48 $this->assertEquals( 'http://example.com?foo', esc_url( 'http://example.com?foo' ) ); 45 $this->assertEquals( array( 46 'scheme' => 'https', 47 'host' => 'host.example.com', 48 'port' => 1234, 49 'user' => 'user', 50 'pass' => 'pass', 51 'path' => '/path;p=1', 52 'query' => 'query=2&r[]=3', 53 'fragment' => 'fragment', 54 ), parse_url( $url ) ); 55 $this->assertEquals( 'https://user:pass@host.example.com:1234/path;p=1?query=2&r%5B%5D=3#fragment', esc_url_raw( $url ) ); 56 $this->assertEquals( 'https://user:pass@host.example.com:1234/path;p=1?query=2&r%5B%5D=3#fragment', esc_url( $url ) ); 57 } 58 59 function test_all_url_parts_ipv6() { 60 $url = 'https://user:pass@[::FFFF::127.0.0.1]:1234/path;p=1?query=2&r[]=3#fragment'; 61 62 $this->assertEquals( array( 63 'scheme' => 'https', 64 'host' => '[::FFFF::127.0.0.1]', 65 'port' => 1234, 66 'user' => 'user', 67 'pass' => 'pass', 68 'path' => '/path;p=1', 69 'query' => 'query=2&r[]=3', 70 'fragment' => 'fragment', 71 ), parse_url( $url ) ); 72 $this->assertEquals( 'https://user:pass@[::FFFF::127.0.0.1]:1234/path;p=1?query=2&r%5B%5D=3#fragment', esc_url_raw( $url ) ); 73 $this->assertEquals( 'https://user:pass@[::FFFF::127.0.0.1]:1234/path;p=1?query=2&r%5B%5D=3#fragment', esc_url( $url ) ); 49 74 } 50 75 51 76 function test_bare() { 77 $this->assertEquals( 'http://example.com?foo', esc_url( 'example.com?foo' ) ); 52 78 $this->assertEquals( 'http://example.com', esc_url( 'example.com' ) ); 53 79 $this->assertEquals( 'http://localhost', esc_url( 'localhost' ) ); 54 80 $this->assertEquals( 'http://example.com/foo', esc_url( 
'example.com/foo' ) ); … … 126 152 } 127 153 128 154 /** 155 * @ticket 16859 156 */ 157 function test_square_brackets() { 158 $this->assertEquals( '/example.php?one%5B%5D=two', esc_url( '/example.php?one[]=two' ) ); 159 $this->assertEquals( '?foo%5Bbar%5D=baz', esc_url( '?foo[bar]=baz' ) ); 160 $this->assertEquals( '//example.com/?foo%5Bbar%5D=baz', esc_url( '//example.com/?foo[bar]=baz' ) ); 161 $this->assertEquals( 'http://example.com/?foo%5Bbar%5D=baz', esc_url( 'example.com/?foo[bar]=baz' ) ); 162 $this->assertEquals( 'http://localhost?foo%5Bbar%5D=baz', esc_url( 'localhost?foo[bar]=baz' ) ); 163 $this->assertEquals( 'http://example.com/?foo%5Bbar%5D=baz', esc_url( 'http://example.com/?foo[bar]=baz' ) ); 164 $this->assertEquals( 'http://example.com/?foo%5Bbar%5D=baz', esc_url( 'http://example.com/?foo%5Bbar%5D=baz' ) ); 165 $this->assertEquals( 'http://example.com/?baz=bar&foo%5Bbar%5D=baz', esc_url( 'http://example.com/?baz=bar&foo[bar]=baz' ) ); 166 $this->assertEquals( 'http://example.com/?baz=bar&foo%5Bbar%5D=baz', esc_url( 'http://example.com/?baz=bar&foo%5Bbar%5D=baz' ) ); 167 } 168 169 /** 170 * @ticket 16859 171 */ 172 function test_ipv6_hosts() { 173 $this->assertEquals( '//[::127.0.0.1]', esc_url( '//[::127.0.0.1]' ) ); 174 $this->assertEquals( 'http://[::FFFF::127.0.0.1]', esc_url( 'http://[::FFFF::127.0.0.1]' ) ); 175 $this->assertEquals( 'http://[::127.0.0.1]', esc_url( 'http://[::127.0.0.1]' ) ); 176 $this->assertEquals( 'http://[::DEAD:BEEF:DEAD:BEEF:DEAD:BEEF:DEAD:BEEF]', esc_url( 'http://[::DEAD:BEEF:DEAD:BEEF:DEAD:BEEF:DEAD:BEEF]' ) ); 177 178 // IPv6 with square brackets in the query? Why not. 
179 $this->assertEquals( '//[::FFFF::127.0.0.1]/?foo%5Bbar%5D=baz', esc_url( '//[::FFFF::127.0.0.1]/?foo[bar]=baz' ) ); 180 $this->assertEquals( 'http://[::FFFF::127.0.0.1]/?foo%5Bbar%5D=baz', esc_url( 'http://[::FFFF::127.0.0.1]/?foo[bar]=baz' ) ); 181 } 182 183 /** 184 * Courtesy of http://blog.lunatech.com/2009/02/03/what-every-web-developer-must-know-about-url-encoding 185 */ 186 function test_reserved_characters() { 187 $url = "http://example.com/:@-._~!$&'()*+,=;:@-._~!$&'()*+,=:@-._~!$&'()*+,==?/?:@-._~!$%27()*+,;=/?:@-._~!$%27()*+,;==#/?:@-._~!$&'()*+,;="; 188 $this->assertEquals( $url, esc_url_raw( $url ) ); 189 } 190 191 /** 129 192 * @ticket 21974 130 193 */ 131 194 function test_protocol_relative_with_colon() { … … 175 238 * @ticket 28015 176 239 */ 177 240 function test_invalid_charaters() { 178 $this->assertEmpty( esc_url_raw('"^ []<>{}`') );241 $this->assertEmpty( esc_url_raw('"^<>{}`') ); 179 242 } 180 243 181 244 }
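Review bot: The IPv6 fixtures in test_all_url_parts_ipv6() and test_ipv6_hosts() use `[::FFFF::127.0.0.1]`, which contains two `::` groups and is not a well-formed IPv6 literal. These assertions therefore pin that esc_url() passes any bracketed host through unchanged, not that it handles IPv6 correctly. Replace them with well-formed literals and add negative cases asserting that brackets in the userinfo or around a non-IPv6 host are encoded or rejected. test_invalid_charaters() also drops `[]` from its input with no replacement assertion for the new bracket behaviour; a case such as `$this->assertEquals( '%5B%5D', esc_url_raw( '[]' ) );` (expected value to be confirmed against the implementation) would keep bare brackets covered.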