
Changeset 33064


Timestamp:
07/03/2015 02:27:11 PM (10 years ago)
Author:
jorbin
Message:

Don't strip newline in esc_url() when protocol is mailto:

The mailto protocol is a bit different than the other protocols in that new lines are something you might realistically want to include. Includes tests to make sure that http protocol urls that contain mailto: aren't affected. Tests for stripping newlines in general already exist.

Fixes #31632
Props danielbachhuber

Location:
trunk
Files:
3 edited

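--- a/trunk/src/wp-admin/about.php
+++ b/trunk/src/wp-admin/about.php
@@ -42,5 +42,5 @@
 
 <div class="headline-feature feature-video">
-    <embed type="application/x-shockwave-flash" src="https://v0.wordpress.com/player.swf?v=1.04" width="1000" height="560" wmode="direct" seamlesstabbing="true" allowfullscreen="true" allowscriptaccess="always" overstretch="true" flashvars="guid=e9kH4FzP&amp;isDynamicSeeking=true"></embed>
+<iframe width="560" height="315" src="https://www.youtube.com/embed/LCZ-cxfxzvk" frameborder="0" allowfullscreen></iframe>
 </div>
 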
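Review bot: The about.php edit is not covered by the commit message, which describes only esc_url() and its tests, so it looks like an unintended inclusion and should probably be split into its own changeset or dropped. If the swap is intended, note that the new `<iframe>` loads a third-party player from `www.youtube.com` inside wp-admin. It also shrinks the video from 1000x560 to 560x315 inside the `headline-feature` container. Both points deserve a line in the message so the change can be reviewed on its own merits.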
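--- a/trunk/src/wp-includes/formatting.php
+++ b/trunk/src/wp-includes/formatting.php
@@ -3160,6 +3160,8 @@
         return $url;
     $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
-    $strip = array('%0d', '%0a', '%0D', '%0A');
-    $url = _deep_replace($strip, $url);
+    if ( 0 !== stripos( $url, 'mailto:' ) ) {
+        $strip = array('%0d', '%0a', '%0D', '%0A');
+        $url = _deep_replace($strip, $url);
+    }
     $url = str_replace(';//', '://', $url);
     /* If the URL doesn't appear to contain a scheme, we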
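Review bot: The new `if ( 0 !== stripos( $url, 'mailto:' ) )` guard skips the `%0d`/`%0a` stripping for the whole mailto URL, not only for its `body` field, so encoded CR/LF in the address part or in header fields such as `subject` or `cc` now survives esc_url() too. Callers that build mailto links from user-supplied values previously had those sequences removed for them, and nothing at the guard records that this guarantee no longer holds for this scheme. I would add a comment above the condition, for example `// mailto: may carry encoded newlines in the body (#31632); this keeps %0d/%0a in every part of a mailto URL, so callers must validate addresses and header fields themselves.` esc_url() starts and ends outside this hunk, so its docblock is not visible here; it should carry the same caveat if it describes the newline stripping.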
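--- a/trunk/tests/phpunit/tests/formatting/EscUrl.php
+++ b/trunk/tests/phpunit/tests/formatting/EscUrl.php
@@ -69,3 +69,31 @@
         $this->assertEquals( '//example.com/foo?foo=abc:def', esc_url( '//example.com/foo?foo=abc:def' ) );
     }
+
+    /**
+     * @ticket 31632
+     */
+    function test_mailto_with_newline() {
+        $body = <<<EOT
+Hi there,
+
+I thought you might want to sign up for this newsletter
+EOT;
+        $email_link = 'mailto:?body=' . rawurlencode( $body );
+        $email_link = esc_url( $email_link );
+        $this->assertEquals( 'mailto:?body=Hi%20there%2C%0A%0AI%20thought%20you%20might%20want%20to%20sign%20up%20for%20this%20newsletter', $email_link );
+    }
+    /**
+     * @ticket 31632
+     */
+    function test_mailto_in_http_url_with_newline() {
+        $body = <<<EOT
+Hi there,
+
+I thought you might want to sign up for this newsletter
+EOT;
+        $email_link = 'http://example.com/mailto:?body=' . rawurlencode( $body );
+        $email_link = esc_url( $email_link );
+        $this->assertEquals( 'http://example.com/mailto:?body=Hi%20there%2CI%20thought%20you%20might%20want%20to%20sign%20up%20for%20this%20newsletter', $email_link );
+    }
+
 }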
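Review bot: Both new tests build `$body` from a heredoc, so the expected `%0A%0A` in test_mailto_with_newline() depends on EscUrl.php being checked out with LF line endings; with CRLF the first assertion would see `%0D%0A` instead. Writing the newlines explicitly makes the fixture independent of the checkout: `$body = "Hi there,\n\nI thought you might want to sign up for this newsletter";`. The tests also cover only a lowercase `mailto:` with `%0A`, while the code under test matches the scheme case-insensitively and also keeps `%0D`. A case with an uppercase scheme and one with an encoded CR/LF pair would pin both behaviours.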