Changeset 31737
- Timestamp:
- 03/11/2015 11:22:21 PM (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/class-wp-press-this.php
r31693 r31737 343 343 } 344 344 345 $url = $this->_limit_string( $url );346 347 345 // HTTP 1.1 allows 8000 chars but the "de-facto" standard supported in all current browsers is 2048. 348 if ( mb_strlen( $url ) > 2048 ) {346 if ( strlen( $url ) > 2048 ) { 349 347 return ''; // Return empty rather than a trunacted/invalid URL 350 348 } 351 349 352 // Only allow http(s) or protocol relative URLs.353 if ( ! preg_match( ' %^(https?:)?//%i', $url ) ) {350 // Does it look like an URL? 351 if ( ! preg_match( '/^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$/', $url ) ) { 354 352 return ''; 355 353 } 356 354 357 if ( strpos( $url, '"' ) !== false || strpos( $url, ' ' ) !== false ) { 358 return ''; 359 } 360 361 return $url; 355 return esc_url_raw( $url, array( 'http', 'https' ) ); 362 356 } 363 357
Note: See TracChangeset
for help on using the changeset viewer.