Ticket #31632: 31632.1.diff

File 31632.1.diff, 1.6 KB (added by danielbachhuber, 7 years ago)

Don't strip newline in esc_url when protocol is mailto:

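diff --git src/wp-includes/formatting.php src/wp-includes/formatting.php
index bc3ae35..c587c03 100644
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -3057,8 +3057,10 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
         if ( '' == $url )
                 return $url;
         $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
-        $strip = array('%0d', '%0a', '%0D', '%0A');
-        $url = _deep_replace($strip, $url);
+        if ( 0 !== stripos( $url, 'mailto:' ) ) {
+                $strip = array('%0d', '%0a', '%0D', '%0A');
+                $url = _deep_replace($strip, $url);
+        }
         $url = str_replace(';//', '://', $url);
         /* If the URL doesn't appear to contain a scheme, we
          * presume it needs http:// appended (unless a relative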
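Review bot: The new guard `0 !== stripos( $url, 'mailto:' )` exempts the whole URL from `%0d`/`%0a` stripping, not just the `body` value, so encoded CR/LF also survives in the address part and in header-like fields such as `subject` or `cc`. Anything downstream that decodes an esc_url()'d mailto: link into mail headers would then see raw line breaks, which is presumably the header-injection case the stripping guarded against. Consider still stripping everything up to the first `?` and leaving only the query untouched, and at minimum add a comment above the guard: `// mailto: bodies use %0A for line breaks; all other schemes still have encoded CR/LF stripped.` The check also runs before any protocol validation later in esc_url(), whose body continues outside the hunk.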
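diff --git tests/phpunit/tests/formatting/EscUrl.php tests/phpunit/tests/formatting/EscUrl.php
index 9b97a92..bbe0ea2 100644
--- a/tests/phpunit/tests/formatting/EscUrl.php
+++ b/tests/phpunit/tests/formatting/EscUrl.php
@@ -68,4 +68,18 @@ class Tests_Formatting_EscUrl extends WP_UnitTestCase {
         function test_protocol_relative_with_colon() {
                 $this->assertEquals( '//example.com/foo?foo=abc:def', esc_url( '//example.com/foo?foo=abc:def' ) );
         }
+
+        /**
+         * @ticket 31632
+         */
+        function test_mailto_with_newline() {
+                $body = <<<EOT
+Hi there,
+
+I thought you might want to sign up for this newsletter
+EOT;
+                $email_link = 'mailto:?body=' . rawurlencode( $body );
+                $email_link = esc_url( $email_link );
+                $this->assertEquals( 'mailto:?body=Hi%20there%2C%0A%0AI%20thought%20you%20might%20want%20to%20sign%20up%20for%20this%20newsletter', $email_link );
+        }
 }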
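Review bot: Only the positive case is covered by `test_mailto_with_newline()`; nothing pins that encoded CR/LF is still stripped for other schemes, which is the security-relevant half of this change. Add a companion assertion such as `$this->assertNotContains( '%0A', esc_url( 'http://example.com/?a=%0Ab' ) );` and one for a mixed-case `MAILTO:` prefix. The heredoc also takes its line break from the test file's own line endings, so a CRLF checkout would presumably yield `%0D%0A` and fail the expected string; building the body with an explicit `"\n"` avoids that.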