Ticket #40353: 40353.4.patch
File 40353.4.patch, 9.8 KB (added by , 7 years ago) |
---|
-
src/wp-includes/formatting.php
diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php index 80e1545caf..046f522a09 100644
a b function is_email( $email, $deprecated = false ) { 2948 2948 } 2949 2949 2950 2950 /** 2951 * Verifies that an url is valid as wordpress site url 2952 * The regex check just if th protocol are http o https. 2953 * In case other protocol are need to be considered valid, one has to edit the regex through the filter 2954 * 2955 * @param string $url Url address to verify. 2956 * @return bool False if it is not a valid wordpress site url 2957 */ 2958 function is_valid_wordpress_url($url){ 2959 2960 $valid_url_pattern = '~^ 2961 (http(s)?):// # protocol 2962 (([\pL\pN-]+:)?([\pL\pN-]+)@)? # basic auth 2963 ( 2964 ([\pL\pN\pS-\.])+(\.?([\pL\pN]|xn\-\-[\pL\pN-]+)+\.?) # a domain name 2965 | # or 2966 \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} # an IP address 2967 | # or 2968 \[ 2969 (?:(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){6})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:::(?:(?:(?:[0-9a-f]{1,4})):){5})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){4})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,1}(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){3})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,2}(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){2})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,3}(?:(?:[0-9a-f]{1,4}
)))?::(?:(?:[0-9a-f]{1,4})):)(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,4}(?:(?:[0-9a-f]{1,4})))?::)(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,5}(?:(?:[0-9a-f]{1,4})))?::)(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,6}(?:(?:[0-9a-f]{1,4})))?::)))) 2970 \] # an IPv6 address 2971 ) 2972 (:[0-9]+)? # a port (optional) 2973 (?:/ (?:[\pL\pN\-._\~!$&\'()*+,;=:@]|%%[0-9A-Fa-f]{2})* )* # a path 2974 $~ixu'; 2975 2976 /** 2977 * basic check before running the regex 2978 */ 2979 if( empty( trim($url) ) ){ 2980 return false; 2981 } 2982 2983 /** 2984 * Filters to edit the regex pattern for a valid url 2985 * 2986 * @param string $valid_url_pattern The regex pattern to valid url against 2987 */ 2988 $valid_url_pattern = apply_filters( 'valid_url_pattern', $valid_url_pattern ); 2989 2990 if (!preg_match($valid_url_pattern, $url)) { 2991 2992 //is not a valid url 2993 return false; 2994 }else{ 2995 2996 //is valid url 2997 return true; 2998 } 2999 } 3000 3001 /** 2951 3002 * Convert to ASCII from email subjects. 2952 3003 * 2953 3004 * @since 1.2.0 … … function sanitize_option( $option, $value ) { 4155 4206 break; 4156 4207 4157 4208 case 'siteurl': 4209 case 'home': 4158 4210 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4159 4211 if ( is_wp_error( $value ) ) { 4160 4212 $error = $value->get_error_message(); 4161 4213 } else { 4162 if ( preg_match( '#http(s?)://(.+)#i', $value ) ) { 4163 $value = esc_url_raw( $value ); 4164 } else { 4165 $error = __( 'The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.' 
); 4166 } 4167 } 4168 break; 4169 4170 case 'home': 4171 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4172 if ( is_wp_error( $value ) ) { 4173 $error = $value->get_error_message(); 4174 } else { 4175 if ( preg_match( '#http(s?)://(.+)#i', $value ) ) { 4176 $value = esc_url_raw( $value ); 4177 } else { 4178 $error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' ); 4214 $value = esc_url_raw( $value ); 4215 if ( ! is_valid_wordpress_url( $value ) ) { 4216 if( $option == 'siteurl' ) { 4217 $error = __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.'); 4218 } else { 4219 $error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' ); 4220 } 4179 4221 } 4180 4222 } 4181 4223 break; -
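Review bot: The new `is_valid_wordpress_url()` pattern accepts a `user:password@` prefix (the `# basic auth` group), and this validator now gates both `siteurl` and `home`; those values are presumably written into generated links, so credentials saved there would be exposed to visitors. Unless userinfo is a requirement, drop that group from the pattern and move the two userinfo cases in tests/phpunit/tests/formatting/IsUrl.php to the invalid provider. Separately, the path group uses `%%[0-9A-Fa-f]{2}`, which looks like a leftover from a sprintf-style template. Because the pattern reaches `preg_match()` unformatted, it demands two literal percent signs and rejects an ordinary percent-encoded path segment; `%[0-9A-Fa-f]{2}` is presumably what is meant. `sanitize_option()` starts and ends outside the hunk.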
tests/phpunit/tests/formatting/IsUrl.php
diff --git a/tests/phpunit/tests/formatting/IsUrl.php b/tests/phpunit/tests/formatting/IsUrl.php index 0432fa62da..12f54cf49b 100644
a b 3 3 /** 4 4 * @group formatting 5 5 */ 6 class Tests_Formatting_IsEmail extends WP_UnitTestCase { 7 function test_returns_the_email_address_if_it_is_valid() { 8 $data = array( 9 "bob@example.com", 10 "phil@example.info", 11 "ace@204.32.222.14", 12 "kevin@many.subdomains.make.a.happy.man.edu" 13 ); 14 foreach ( $data as $datum ) { 15 $this->assertEquals( $datum, is_email( $datum ), $datum ); 16 } 6 class Tests_Formatting_IsUrl extends WP_UnitTestCase { 7 8 /** 9 * @dataProvider valid_urls_provider 10 */ 11 function test_returns_the_url_if_it_is_valid( $datum ) { 12 $this->assertTrue( is_valid_wordpress_url( $datum ), "Expected URL $datum to be a valid wordpress URL" ); 13 } 14 15 /** 16 * @dataProvider invalid_urls_provider 17 */ 18 function test_returns_false_if_given_an_invalid_url($datum) { 19 $this->assertFalse(is_valid_wordpress_url($datum), "Expected URL $datum to NOT be a valid wordpress URL"); 17 20 } 18 21 19 function test_returns_false_if_given_an_invalid_email_address() { 20 $data = array( 21 "khaaaaaaaaaaaaaaan!", 22 'http://bob.example.com/', 23 "sif i'd give u it, spamer!1", 24 "com.exampleNOSPAMbob", 25 "bob@your mom" 22 public function valid_urls_provider() { 23 return array( 24 array( 'http://localhost' ), 25 array( 'http://localhost/' ), 26 array( 'https://localhost/' ), 27 array( 'http://wordpress.org' ), 28 array( 'http://wordpress.org/' ), 29 array( 'https://wordpress.org/' ), 30 array( 'http://wordpress.org:80' ), 31 array( 'http://wordpress.org:80/' ), 32 array( 'http://www.wordpress.org/' ), 33 array( 'http://www.wordpress.org' ), 34 array( 'http://foo-wordpress.org/' ), 35 array( 'http://foo.wordpress.org/hello.html' ), 36 array( 'http://very.long.domain.name.com/' ), 37 array( 'http://10.0.50.0' ), 38 array( 'http://10.0.50.0:80' ), 39 array( 'http://[::1]' ), 40 array( 'http://[::1]:80' ), 41 array( 'http://[2001:db8:85a3::8a2e:370:7334]' ), 42 array( 'http://sãopaulo.com/' ), 43 array( 'http://xn--sopaulo-xwa.com/' ), 44 array( 
'http://sãopaulo.com.br/' ), 45 array( 'http://xn--sopaulo-xwa.com.br/' ), 46 array( 'http://пример.испытание/' ), 47 array( 'http://xn--e1afmkfd.xn--80akhbyknj4f/' ), 48 array( 'http://مثال.إختبار/' ), 49 array( 'http://xn--mgbh0fb.xn--kgbechtv/' ), 50 array( 'http://例子.测试/' ), 51 array( 'http://xn--fsqu00a.xn--0zwm56d/' ), 52 array( 'http://例子.測試/' ), 53 array( 'http://xn--fsqu00a.xn--g6w251d/' ), 54 array( 'http://例え.テスト/' ), 55 array( 'http://xn--r8jz45g.xn--zckzah/' ), 56 array( 'http://مثال.آزمایشی/' ), 57 array( 'http://xn--mgbh0fb.xn--hgbk6aj7f53bba/' ), 58 array( 'http://실례.테스트/' ), 59 array( 'http://xn--9n2bp8q.xn--9t4b11yi5a/' ), 60 array( 'http://العربية.idn.icann.org/' ), 61 array( 'http://xn--ogb.idn.icann.org/' ), 62 array( 'http://xn--e1afmkfd.xn--80akhbyknj4f.xn--e1afmkfd/' ), 63 array( 'http://xn--espaa-rta.xn--ca-ol-fsay5a/' ), 64 array( 'http://xn--d1abbgf6aiiy.xn--p1ai/' ), 65 array( 'http://☎.com/' ), 66 array( 'http://username:password@wordpress.org' ), 67 array( 'http://user-name@wordpress.org' ) 26 68 ); 27 foreach ($data as $datum) { 28 $this->assertFalse(is_email($datum), $datum); 29 } 69 } 70 71 public function invalid_urls_provider() { 72 return array( 73 array( '' ), 74 array( 'http;//' ), 75 array( 'wordpress.org' ), 76 array( 'http://wordpress .org' ), 77 array( 'http://wordpress*.org' ), 78 array( 'http://wordpress?.org' ), 79 array( 'http://word_press.org' ), 80 array( 'http://wordpress.org?something' ), 81 array( 'http://wordpress.org?' ), 82 array( 'http://wordpress.org/?something' ), 83 array( 'http://wordpress.org#something' ), 84 array( 'http://wordpress.org/#something' ), 85 array( 'http://::1' ), 86 array( 'ftp://[::1]' ), 87 array( 'http://wordpress.org?' 
), 88 array( 'http://wordpress.org?query=1' ), 89 array( 'http://wordpress.org/?query=1' ), 90 array( 'http://wordpress.org#' ), 91 array( 'http://wordpress.org#fragment' ), 92 array( 'http://wordpress.org/#fragment' ), 93 array( 'http://wordpress.org/#one_more%20test' ), 94 array( 'mailto:nobody@wordpress.org?subject=hi' ), 95 array( 'ftp://wordpress.org/' ), 96 array( 'javascript:alert(1)' ), 97 array( 'unknown://something.out-there' ), 98 array( 'http://hello.☎/' ), 99 ); 30 100 } 31 101 }
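Review bot: The invalid provider has no input ending in a newline, and the pattern under test closes with `$` without the `D` modifier, which in PCRE also matches just before a final newline. Add a constructed case such as `array( "http://wordpress.org\n" )` to `invalid_urls_provider()` and anchor the pattern with `\z`. The valid provider also lacks a percent-encoded path (a constructed example: `array( 'http://wordpress.org/caf%C3%A9' )`), which would pin the behaviour of the `%%` escape in the path group. `'http://wordpress.org?'` appears twice in the invalid provider and one copy can go, and the name `test_returns_the_url_if_it_is_valid` no longer matches the assertion, since the function returns a bool.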