Ticket #32816: 32816.6.diff
File 32816.6.diff, 5.2 KB (added by , 8 years ago) |
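--- a/src/wp-admin/css/customize-nav-menus.css
+++ b/src/wp-admin/css/customize-nav-menus.css
@@ -578,6 +578,7 @@
 
 #custom-menu-item-name.invalid,
 #custom-menu-item-url.invalid,
+.edit-menu-item-url.invalid,
 .menu-name-field.invalid,
 .menu-name-field.invalid:focus,
 #available-menu-items .new-content-item .create-item-input.invalid,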
src/wp-admin/js/customize-nav-menus.js
diff --git src/wp-admin/js/customize-nav-menus.js src/wp-admin/js/customize-nav-menus.js index 3b7af24302..2587fe475d 100644
1381 1381 */ 1382 1382 _setupUpdateUI: function() { 1383 1383 var control = this, 1384 settingValue = control.setting(); 1384 settingValue = control.setting(), 1385 updateNotifications; 1385 1386 1386 1387 control.elements = {}; 1387 1388 control.elements.url = new api.Element( control.container.find( '.edit-menu-item-url' ) ); … … 1464 1465 } 1465 1466 } 1466 1467 }); 1468 1469 // Style the URL field as invalid when there is an invalid_url notification. 1470 updateNotifications = _.debounce( function() { 1471 control.elements.url.element.toggleClass( 'invalid', control.setting.notifications.has( 'invalid_url' ) ); 1472 } ); 1473 control.setting.notifications.bind( 'add', updateNotifications ); 1474 control.setting.notifications.bind( 'remove', updateNotifications ); 1467 1475 }, 1468 1476 1469 1477 /** -
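Review bot: The `invalid` class on the URL field is only recomputed when a notification is added or removed, so a control whose setting already carries an `invalid_url` notification when `_setupUpdateUI` runs would render without the error styling until the next change; whether that can happen depends on when this method is invoked, which is not visible here. Calling `updateNotifications();` once after the two `bind()` calls would sync the initial state. `_.debounce()` is also called without a wait argument; an explicit value, or a comment such as `// Debounced so a burst of add/remove events toggles the class once.`, would make the intent clear. The middle of `_setupUpdateUI` is elided from this section.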
src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php
diff --git src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php index 11b5cd6d5a..2b4aabaffd 100644
class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting { 662 662 * @access public 663 663 * 664 664 * @param array $menu_item_value The value to sanitize. 665 * @return array|false|null Null if an input isn't valid. False if it is marked for deletion.665 * @return array|false|null|WP_Error Null if an input isn't valid. False if it is marked for deletion. 666 666 * Otherwise the sanitized value. 667 667 */ 668 668 public function sanitize( $menu_item_value ) { … … class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting { 722 722 $menu_item_value['attr_title'] = wp_unslash( apply_filters( 'excerpt_save_pre', wp_slash( $menu_item_value['attr_title'] ) ) ); 723 723 $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) ); 724 724 725 $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); 725 if ( '' !== $menu_item_value['url'] ) { 726 $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); 727 if ( '' === $menu_item_value['url'] ) { 728 return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid. 729 } 730 } 726 731 if ( 'publish' !== $menu_item_value['status'] ) { 727 732 $menu_item_value['status'] = 'draft'; 728 733 } -
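Review bot: The `@return` tag now lists `WP_Error`, but its description still covers only null, false and the sanitized array, so the new failure mode of `sanitize()` is undocumented; I would extend it to `Null if an input isn't valid. False if it is marked for deletion. WP_Error if the URL is rejected by esc_url_raw().` Failing sanitization instead of silently blanking a disallowed scheme is the safer behaviour, but any caller that invokes `sanitize()` directly and only tests for null or false would now receive an object where it expects an array. Those call sites are outside this section and should be checked with `is_wp_error()`. The body of `sanitize()` starts and ends outside the hunk.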
tests/phpunit/tests/customize/nav-menu-item-setting.php
diff --git tests/phpunit/tests/customize/nav-menu-item-setting.php tests/phpunit/tests/customize/nav-menu-item-setting.php index bcb3dc56de..04d80ca987 100644
class Test_WP_Customize_Nav_Menu_Item_Setting extends WP_UnitTestCase { 472 472 $this->assertNull( $setting->sanitize( 'not an array' ) ); 473 473 $this->assertNull( $setting->sanitize( 123 ) ); 474 474 475 $valid_urls = array( 476 'http://example.com/', 477 'https://foo.example.com/hello.html', 478 'mailto:nobody@example.com?subject=hi', 479 'ftp://example.com/', 480 'ftps://example.com/', 481 'news://news.server.example/example.group.this', 482 'irc://irc.freenode.net/wordpress', 483 'gopher://example.com', 484 'nntp://news.server.example/example.group.this', 485 'feed://example.com/', 486 'telnet://example.com', 487 'mms://example.com', 488 'rtsp://example.com/', 489 'svn://develop.svn.wordpress.org/trunk', 490 'tel:000-000-000', 491 'fax:000-000-000', 492 'xmpp:user@host?message', 493 'webcal://example.com', 494 'urn:org.wordpress', 495 ); 496 foreach ( $valid_urls as $valid_url ) { 497 $url_setting = $setting->sanitize( array( 'url' => $valid_url ) ); 498 $this->assertInternalType( 'array', $url_setting ); 499 $this->assertEquals( $valid_url, $url_setting['url'] ); 500 } 501 502 $invalid_urls = array( 503 'javascript:alert(1)', 504 'unknown://something.out-there', 505 ); 506 foreach ( $invalid_urls as $invalid_url ) { 507 $url_setting = $setting->sanitize( array( 'url' => $invalid_url ) ); 508 $this->assertInstanceOf( 'WP_Error', $url_setting ); 509 $this->assertEquals( 'invalid_url', $url_setting->get_error_code() ); 510 } 511 475 512 $unsanitized = array( 476 513 'object_id' => 'bad', 477 514 'object' => '<b>hello</b>', … … class Test_WP_Customize_Nav_Menu_Item_Setting extends WP_UnitTestCase { 479 516 'position' => -123, 480 517 'type' => 'custom<b>', 481 518 'title' => '\o/ o\'o Hi<script>unfilteredHtml()</script>', 482 'url' => ' javascript:alert(1)',519 'url' => '', 483 520 'target' => '" onclick="', 484 521 'attr_title' => '\o/ o\'o <b>bolded</b><script>unfilteredHtml()</script>', 485 522 'description' => '\o/ o\'o <b>Hello 
world</b><script>unfilteredHtml()</script>',