Changeset 33064 for trunk/src/wp-includes/formatting.php

Timestamp:

07/03/2015 02:27:11 PM (10 years ago)

Author:

jorbin

Message:

Don't strip newline in esc_url() when protocol is mailto:

The mailto protocol is a bit different than the other protocols in that new lines are something you might realistically want to include. Includes tests to make sure that http protocol urls that contain mailto: aren't affected. Tests for stripping newlines in general already exist.

Fixes #31632
Props danielbachhuber

File:

• trunk/src/wp-includes/formatting.php (modified) (1 diff)

trunk/src/wp-includes/formatting.php

@@ -3160 +3160 @@
         return $url;
     $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
-    $strip = array('%0d', '%0a', '%0D', '%0A');
-    $url = _deep_replace($strip, $url);
+    if ( 0 !== stripos( $url, 'mailto:' ) ) {
+        $strip = array('%0d', '%0a', '%0D', '%0A');
+        $url = _deep_replace($strip, $url);
+    }
     $url = str_replace(';//', '://', $url);
     /* If the URL doesn't appear to contain a scheme, we