
Ticket #40353: #40353.3.patch

File #40353.3.patch, 5.4 KB (added by loru88, 3 years ago)

validate url using a simple filterable regex

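--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2947,6 +2947,57 @@
         return apply_filters( 'is_email', $email, $email, null );
 }
 
+/**
+ * Verifies that an url is valid as wordpress site url
+ * The regex check just if th protocol are http o https.
+ * In case other protocol are need to be considered valid, one has to edit the regex through the filter
+ *
+ * @param string $url      Url address to verify.
+ * @return bool            False if it is not a valid wordpress site url
+ */
+function is_valid_wordpress_url($url){
+
+    $valid_url_pattern = '~^
+            (http(s)?)://                           # protocol
+            (([\pL\pN-]+:)?([\pL\pN-]+)@)?          # basic auth
+            (
+                ([\pL\pN\pS-\.])+(\.?([\pL\pN]|xn\-\-[\pL\pN-]+)+\.?) # a domain name
+                    |                                                 # or
+                \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}                    # an IP address
+                    |                                                 # or
+                \[
+                    (?:(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){6})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:::(?:(?:(?:[0-9a-f]{1,4})):){5})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){4})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,1}(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){3})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,2}(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){2})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,3}(?:(?:[0-9a-f]{1,4})))?::(?:(?:[0-9a-f]{1,4})):)(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,4}(?:(?:[0-9a-f]{1,4})))?::)(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,5}(?:(?:[0-9a-f]{1,4})))?::)(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,6}(?:(?:[0-9a-f]{1,4})))?::))))
+                \]  # an IPv6 address
+            )
+            (:[0-9]+)?                              # a port (optional)
+            (?:/ (?:[\pL\pN\-._\~!$&\'()*+,;=:@]|%%[0-9A-Fa-f]{2})* )*      # a path
+        $~ixu';
+
+    /**
+     * basic check before running the regex
+     */
+    if( empty( trim($url) ) ){
+        return false;
+    }
+
+    /**
+     * Filters to edit the regex pattern for a valid url
+     *
+     * @param string $valid_url_pattern    The regex pattern to valid url against
+     */
+    $valid_url_pattern = apply_filters( 'valid_url_pattern', $valid_url_pattern );
+
+    if (!preg_match($valid_url_pattern, $url)) {
+
+        //is not a valid url
+        return false;
+    }else{
+
+        //is valid url
+        return true;
+    }
+}
+
 /**
  * Convert to ASCII from email subjects.
  *
@@ -4155,27 +4206,18 @@
                         break;
 
                 case 'siteurl':
-                        $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
-                        if ( is_wp_error( $value ) ) {
-                                $error = $value->get_error_message();
-                        } else {
-                                if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
-                                        $value = esc_url_raw( $value );
-                                } else {
-                                        $error = __( 'The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.' );
-                                }
-                        }
-                        break;
-
-                case 'home':
+        case 'home':
                         $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
                         if ( is_wp_error( $value ) ) {
                                 $error = $value->get_error_message();
                         } else {
-                                if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
-                                        $value = esc_url_raw( $value );
-                                } else {
-                                        $error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' );
+                $value = esc_url_raw( $value );
+                                if ( ! is_valid_wordpress_url( $value ) ) {
+                                    if( $option == 'siteurl' ) {
+                        $error = __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.');
+                    } else {
+                        $error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' );
+                    }
                                 }
                         }
                         break;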
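Review bot: On new line 2973 the path part of `$valid_url_pattern` uses `%%[0-9A-Fa-f]{2}`, which in a plain PCRE string demands two literal percent signs, so an ordinary percent-encoded path segment such as `/my%20site` is rejected; it looks like a leftover sprintf escape and should read `%[0-9A-Fa-f]{2}`. The host class `[\pL\pN\pS-\.]` on line 2964 admits every Unicode symbol character and sits next to a second repeated group that overlaps it, so the check is looser than the function name suggests and may backtrack heavily on long dotted input. Because `preg_match()` returns `false` on a backtrack-limit or compile error (including a broken pattern supplied through the `valid_url_pattern` filter), I would test `1 === preg_match( $valid_url_pattern, $url )` and say in the docblock that any regex failure is treated as "invalid". The optional `user:pass@` group on line 2962 lets credentials be saved into `siteurl`/`home` and then echoed into generated links; drop that group unless this is intended. `empty( trim($url) )` on line 2979 is a parse error before PHP 5.5, so `'' === trim( $url )` is the safer form if older runtimes are still supported.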