Ticket #32816: 32816-egregor-fixes-tests.diff
File 32816-egregor-fixes-tests.diff, 3.5 KB (added by , 8 years ago) |
src/wp-admin/js/customize-nav-menus.js
536 536 submitLink: function() { 537 537 var menuItem, 538 538 itemName = $( '#custom-menu-item-name' ), 539 itemUrl = $( '#custom-menu-item-url' ); 539 itemUrl = $( '#custom-menu-item-url' ), 540 testRegex; 540 541 541 542 if ( ! this.currentMenuControl ) { 542 543 return; 543 544 } 544 545 546 // Copyright (c) 2010-2013 Diego Perini, MIT licensed 547 // https://gist.github.com/dperini/729294 548 // see also https://mathiasbynens.be/demo/url-regex 549 // modified to allow protocol-relative URLs 550 551 testRegex = /^(?:(?:(?:https?|ftp):)?\/\/)(?:\S+(?::\S*)?@)?(?:(?!(?:10|127)(?:\.\d{1,3}){3})(?!(?:169\.254|192\.168)(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)(?:\.(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)*(?:\.(?:[a-z\u00a1-\uffff]{2,})).?)(?::\d{2,5})?(?:[/?#]\S*)?$/i; 552 545 553 if ( '' === itemName.val() ) { 546 554 itemName.addClass( 'invalid' ); 547 555 return; 548 } else if ( '' === itemUrl.val() || 'http://' === itemUrl.val() ) { 556 } else if ( '' === itemUrl.val() || 557 'http://' === itemUrl.val() || 558 ! testRegex.test( itemUrl.val() ) 559 ) { 549 560 itemUrl.addClass( 'invalid' ); 550 561 return; 551 562 } -
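Review bot: The new `testRegex` in submitLink is much stricter than the server-side check added in this same patch: it requires an `http:`, `https:`, `ftp:` or protocol-relative prefix and a dotted host with a TLD, and it excludes loopback, link-local and RFC 1918 addresses. As a result `mailto:` and `tel:` links, `#fragment` and root-relative paths, `http://localhost/` and intranet hosts are all marked invalid in the browser, although `esc_url_raw()` with its default protocol list should accept them. The browser test is only a usability hint and the PHP sanitize() is what enforces the rule, so either loosen the pattern or state the relationship above it, e.g. `// Client-side hint only; WP_Customize_Nav_Menu_Item_Setting::sanitize() is the authoritative check.` The `'http://' === itemUrl.val()` comparison is now redundant with the regex. The pattern could also be hoisted out of submitLink and `itemUrl.val()` read once into a local; submitLink's body appears to continue past the end of the hunk.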
src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php
722 722 $menu_item_value['attr_title'] = wp_unslash( apply_filters( 'excerpt_save_pre', wp_slash( $menu_item_value['attr_title'] ) ) ); 723 723 $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) ); 724 724 725 $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); 725 if ( '' !== $menu_item_value['url'] ) { 726 $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); 727 if ( '' === $menu_item_value['url'] ) { 728 return new WP_Error( 'invalid_nav_menu_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid. 729 } 730 } 726 731 if ( 'publish' !== $menu_item_value['status'] ) { 727 732 $menu_item_value['status'] = 'draft'; 728 733 } -
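Review bot: sanitize() can now return a `WP_Error` from the middle of the method, but nothing in the visible lines documents that. The docblock lies outside this hunk; if it does not already, its `@return` tag should list `WP_Error` so that callers which only test for `null` are reviewed. The inline comment could also say what counts as invalid, e.g. `// esc_url_raw() returns '' for a disallowed scheme such as javascript:; fail validation instead of saving an empty URL.` Note that the branch fires only when the result is empty: a URL that `esc_url_raw()` rewrites rather than rejects is still stored in its altered form without any signal to the user.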
tests/phpunit/tests/customize/nav-menu-item-setting.php
472 472 $this->assertNull( $setting->sanitize( 'not an array' ) ); 473 473 $this->assertNull( $setting->sanitize( 123 ) ); 474 474 475 $url_setting = $setting->sanitize( array( 'url' => 'javascript:alert(1)' ) ); 476 $this->assertInstanceOf( 'WP_Error', $url_setting ); 477 475 478 $unsanitized = array( 476 479 'object_id' => 'bad', 477 480 'object' => '<b>hello</b>', … … 479 482 'position' => -123, 480 483 'type' => 'custom<b>', 481 484 'title' => '\o/ o\'o Hi<script>unfilteredHtml()</script>', 482 'url' => ' javascript:alert(1)',485 'url' => '', 483 486 'target' => '" onclick="', 484 487 'attr_title' => '\o/ o\'o <b>bolded</b><script>unfilteredHtml()</script>', 485 488 'description' => '\o/ o\'o <b>Hello world</b><script>unfilteredHtml()</script>',
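Review bot: The new assertion only checks that a `WP_Error` comes back for `javascript:alert(1)`, so it would still pass if sanitize() failed for an unrelated reason. Pin the code as well with `$this->assertSame( 'invalid_nav_menu_url', $url_setting->get_error_code() );`. With the `$unsanitized` fixture's `url` changed to `''`, no test shown here covers a URL that is accepted and returned, nor a second disallowed scheme such as `data:`; one assertion for each would cover both branches of the new `if`.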