Changeset 33923 for trunk/src/wp-includes/formatting.php

Timestamp:

09/05/2015 09:28:50 PM (11 years ago)

Author:

johnbillion

Message:

Bail out early from esc_url() if the URL becomes empty after stripping out disallowed characters.

Fixes #28015
Props jesin for the unit test

File:

• trunk/src/wp-includes/formatting.php (modified) (1 diff)

trunk/src/wp-includes/formatting.php

@@ -3278 +3278 @@
     $url = str_replace( ' ', '%20', $url );
     $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
+
+    if ( '' === $url ) {
+        return $url;
+    }
+
     if ( 0 !== stripos( $url, 'mailto:' ) ) {
         $strip = array('%0d', '%0a', '%0D', '%0A');