WordPress.org

Make WordPress Core

Ticket #32816: class-wp-customize-nav-menu-item-setting.diff

File class-wp-customize-nav-menu-item-setting.diff, 813 bytes (added by EGregor, 3 years ago)

Patch for invalid URL sanitization.

  • src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

     
    723723                $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) );
    724724
    725725                $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
     726                if ( '' === $menu_item_value['url'] ) {
     727                        return new WP_Error( 'invalid_nav_menu_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid.
     728                }
    726729                if ( 'publish' !== $menu_item_value['status'] ) {
    727730                        $menu_item_value['status'] = 'draft';
    728731                }