
Changeset 33923


Timestamp:
09/05/2015 09:28:50 PM (9 years ago)
Author:
johnbillion
Message:

Bail out early from esc_url() if the URL becomes empty after stripping out disallowed characters.

Fixes #28015
Props jesin for the unit test

Location:
trunk
Files:
2 edited

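--- a/trunk/src/wp-includes/formatting.php
+++ b/trunk/src/wp-includes/formatting.php
@@ -3278,4 +3278,9 @@
     $url = str_replace( ' ', '%20', $url );
     $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
+
+    if ( '' === $url ) {
+        return $url;
+    }
+
     if ( 0 !== stripos( $url, 'mailto:' ) ) {
         $strip = array('%0d', '%0a', '%0D', '%0A');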
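Review bot: The added `if ( '' === $url )` guard has no comment explaining why an empty string can appear here, even though the function already ran on non-empty input. A one-line why-comment above it would keep the check from being removed as redundant later: `// Stripping disallowed characters can leave nothing; return the empty string rather than process it further.` The enclosing function starts and ends outside this hunk, so what the later steps would do with an empty value is not visible here. The commit message and ticket reference suggest the guard exists to keep those steps from producing a non-empty result.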
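--- a/trunk/tests/phpunit/tests/formatting/EscUrl.php
+++ b/trunk/tests/phpunit/tests/formatting/EscUrl.php
@@ -172,4 +172,10 @@
     }
 
+    /**
+     * @ticket 28015
+     */
+    function test_invalid_charaters() {
+        $this->assertEmpty( esc_url_raw('"^[]<>{}`') );
+    }
 
 }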
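Review bot: `assertEmpty()` in `test_invalid_charaters()` also passes for null, false, 0 and '0', so the test does not pin the empty-string return that the fix introduces; `assertSame( '', ... )` around the same call would. The method name misspells "characters" and would read better as `test_invalid_characters`. Only `esc_url_raw()` is exercised. A second assertion on `esc_url()` with the same input would cover the function named in the commit message, assuming both paths reach the new check.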