Ticket #32816: 32816.2.diff
File 32816.2.diff, 5.3 KB (added by , 7 years ago) |
---|
-
src/wp-admin/css/customize-nav-menus.css
diff --git src/wp-admin/css/customize-nav-menus.css src/wp-admin/css/customize-nav-menus.css index 36138ca2a3..82d27019ae 100644
559 559 560 560 #custom-menu-item-name.invalid, 561 561 #custom-menu-item-url.invalid, 562 .edit-menu-item-url.invalid, 562 563 .menu-name-field.invalid, 563 564 .menu-name-field.invalid:focus, 564 565 #available-menu-items .new-content-item .create-item-input.invalid, -
src/wp-admin/js/customize-nav-menus.js
diff --git src/wp-admin/js/customize-nav-menus.js src/wp-admin/js/customize-nav-menus.js index 2bc192c6a0..52eb26d544 100644
1387 1387 */ 1388 1388 _setupUpdateUI: function() { 1389 1389 var control = this, 1390 settingValue = control.setting(); 1390 settingValue = control.setting(), 1391 updateNotifications; 1391 1392 1392 1393 control.elements = {}; 1393 1394 control.elements.url = new api.Element( control.container.find( '.edit-menu-item-url' ) ); … … 1470 1471 } 1471 1472 } 1472 1473 }); 1474 1475 // Style the URL field as invalid when there is an invalid_url notification. 1476 updateNotifications = _.debounce( function() { 1477 control.elements.url.element.toggleClass( 'invalid', control.setting.notifications.has( 'invalid_url' ) ); 1478 } ); 1479 control.setting.notifications.bind( 'add', updateNotifications ); 1480 control.setting.notifications.bind( 'remove', updateNotifications ); 1473 1481 }, 1474 1482 1475 1483 /** -
src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php
diff --git src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php index 33ca5ce150..34f0139294 100644
class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting { 641 641 * @since 4.3.0 642 642 * 643 643 * @param array $menu_item_value The value to sanitize. 644 * @return array|false|null Null if an input isn't valid. False if it is marked for deletion.644 * @return array|false|null|WP_Error Null if an input isn't valid. False if it is marked for deletion. 645 645 * Otherwise the sanitized value. 646 646 */ 647 647 public function sanitize( $menu_item_value ) { … … class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting { 701 701 $menu_item_value['attr_title'] = wp_unslash( apply_filters( 'excerpt_save_pre', wp_slash( $menu_item_value['attr_title'] ) ) ); 702 702 $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) ); 703 703 704 $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); 704 if ( '' !== $menu_item_value['url'] ) { 705 $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); 706 if ( '' === $menu_item_value['url'] ) { 707 return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid. 708 } 709 } 705 710 if ( 'publish' !== $menu_item_value['status'] ) { 706 711 $menu_item_value['status'] = 'draft'; 707 712 } -
tests/phpunit/tests/customize/nav-menu-item-setting.php
diff --git tests/phpunit/tests/customize/nav-menu-item-setting.php tests/phpunit/tests/customize/nav-menu-item-setting.php index bcb3dc56de..b5f184405f 100644
class Test_WP_Customize_Nav_Menu_Item_Setting extends WP_UnitTestCase { 472 472 $this->assertNull( $setting->sanitize( 'not an array' ) ); 473 473 $this->assertNull( $setting->sanitize( 123 ) ); 474 474 475 $valid_urls = array( 476 'http://example.com/', 477 'https://foo.example.com/hello.html', 478 'mailto:nobody@example.com?subject=hi', 479 'ftp://example.com/', 480 'ftps://example.com/', 481 'news://news.server.example/example.group.this', 482 'irc://irc.freenode.net/wordpress', 483 'gopher://example.com', 484 'nntp://news.server.example/example.group.this', 485 'feed://example.com/', 486 'telnet://example.com', 487 'mms://example.com', 488 'rtsp://example.com/', 489 'svn://develop.svn.wordpress.org/trunk', 490 'tel:000-000-000', 491 'fax:000-000-000', 492 'xmpp:user@host?message', 493 'webcal://example.com', 494 'urn:org.wordpress', 495 ); 496 foreach ( $valid_urls as $valid_url ) { 497 $url_setting = $setting->sanitize( array( 'url' => $valid_url ) ); 498 $this->assertInternalType( 'array', $url_setting ); 499 $this->assertEquals( $valid_url, $url_setting['url'] ); 500 } 501 502 $invalid_urls = array( 503 'javascript:alert(1)', 504 'unknown://something.out-there', 505 'smtp://user:pass@mailserver.thing', 506 ); 507 foreach ( $invalid_urls as $invalid_url ) { 508 $url_setting = $setting->sanitize( array( 'url' => $invalid_url ) ); 509 $this->assertInstanceOf( 'WP_Error', $url_setting ); 510 $this->assertEquals( 'invalid_url', $url_setting->get_error_code() ); 511 } 512 475 513 $unsanitized = array( 476 514 'object_id' => 'bad', 477 515 'object' => '<b>hello</b>', … … class Test_WP_Customize_Nav_Menu_Item_Setting extends WP_UnitTestCase { 479 517 'position' => -123, 480 518 'type' => 'custom<b>', 481 519 'title' => '\o/ o\'o Hi<script>unfilteredHtml()</script>', 482 'url' => ' javascript:alert(1)',520 'url' => '', 483 521 'target' => '" onclick="', 484 522 'attr_title' => '\o/ o\'o <b>bolded</b><script>unfilteredHtml()</script>', 485 523 'description' => '\o/ o\'o <b>Hello world</b><script>unfilteredHtml()</script>',