diff --git a/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php b/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php
index b5ce2e3cf4..df5050d195 100644
|
a
|
b
|
public function sanitize( $menu_item_value ) { |
| 711 | 711 | $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) ); |
| 712 | 712 | |
| 713 | 713 | if ( '' !== $menu_item_value['url'] ) { |
| 714 | | $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); |
| 715 | | if ( '' === $menu_item_value['url'] ) { |
| | 714 | // Validate URL with the same regex as on the frontend |
| | 715 | if ( ! preg_match( '/^((\w+:)?\/\/\w.*|\w+:(?!\/\/$)|\/|\?|#)/', $menu_item_value['url'] ) ) { |
| 716 | 716 | return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid. |
| 717 | 717 | } |
| | 718 | $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); |
| | 719 | } else { |
| | 720 | return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is empty. |
| 718 | 721 | } |
| 719 | 722 | if ( 'publish' !== $menu_item_value['status'] ) { |
| 720 | 723 | $menu_item_value['status'] = 'draft'; |