Changeset 36448 for branches/4.3
- Timestamp:
- 02/02/2016 04:59:00 PM (10 years ago)
- Location:
- branches/4.3
- Files:
-
- 2 edited
-
src/wp-includes/pluggable.php (modified) (2 diffs)
-
tests/phpunit/tests/formatting/redirect.php (modified) (2 diffs)
-
branches/4.3/src/wp-includes/pluggable.php
r34118 r36448 1313 1313 $test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location; 1314 1314 1315 $lp = parse_url($test); 1315 // @-operator is used to prevent possible warnings in PHP < 5.3.3. 1316 $lp = @parse_url($test); 1316 1317 1317 1318 // Give up if malformed URL … … 1323 1324 return $default; 1324 1325 1325 // Reject if scheme isset but host is not. This catches urls like https:host.com for which parse_url does not set the host field.1326 if ( isset($lp['scheme']) && !isset($lp['host']) )1326 // Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field. 1327 if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) { 1327 1328 return $default; 1329 } 1330 1331 // Reject malformed components parse_url() can return on odd inputs. 1332 foreach ( array( 'user', 'pass', 'host' ) as $component ) { 1333 if ( isset( $lp[ $component ] ) && strpbrk( $lp[ $component ], ':/?#@' ) ) { 1334 return $default; 1335 } 1336 } 1328 1337 1329 1338 $wpp = parse_url(home_url()); -
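Review bot: The new `foreach` over `user`, `pass` and `host` rejects only the delimiters in `':/?#@'`, so a backslash or a whitespace/control character inside a parsed component still passes this check. Whether such characters are stripped before this point is not visible in this section, so either the comment should name the earlier step being relied on or the character set should be widened. Separately, the condition depends on the truthiness of the `strpbrk()` return value; `false !== strpbrk( $lp[ $component ], ':/?#@' )` states the intent explicitly. The enclosing function starts and ends outside the displayed hunks.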
branches/4.3/tests/phpunit/tests/formatting/redirect.php
r31587 r36448 4 4 * @group pluggable 5 5 * @group formatting 6 * @group redirect 6 7 */ 7 8 class Tests_Formatting_Redirect extends WP_UnitTestCase { 9 function setUp() { 10 add_filter( 'home_url', array( $this, 'home_url' ) ); 11 } 12 13 function tearDown() { 14 remove_filter( 'home_url', array( $this, 'home_url' ) ); 15 } 16 17 function home_url() { 18 return 'http://example.com/'; 19 } 20 8 21 function test_wp_sanitize_redirect() { 9 22 $this->assertEquals('http://example.com/watchthelinefeedgo', wp_sanitize_redirect('http://example.com/watchthelinefeed%0Ago')); … … 20 33 $this->assertEquals('http://example.com/search.php?search=(amistillhere)', wp_sanitize_redirect('http://example.com/search.php?search=(amistillhere)')); 21 34 } 35 36 /** 37 * @dataProvider valid_url_provider 38 */ 39 function test_wp_validate_redirect_valid_url( $url, $expected ) { 40 $this->assertEquals( $expected, wp_validate_redirect( $url ) ); 41 } 42 43 /** 44 * @dataProvider invalid_url_provider 45 */ 46 function test_wp_validate_redirect_invalid_url( $url ) { 47 $this->assertEquals( false, wp_validate_redirect( $url, false ) ); 48 } 49 50 function valid_url_provider() { 51 return array( 52 array( 'http://example.com', 'http://example.com' ), 53 array( 'http://example.com/', 'http://example.com/' ), 54 array( 'https://example.com/', 'https://example.com/' ), 55 array( '//example.com', 'http://example.com' ), 56 array( '//example.com/', 'http://example.com/' ), 57 array( 'http://example.com/?foo=http://example.com/', 'http://example.com/?foo=http://example.com/' ), 58 array( 'http://user@example.com/', 'http://user@example.com/' ), 59 array( 'http://user:@example.com/', 'http://user:@example.com/' ), 60 array( 'http://user:pass@example.com/', 'http://user:pass@example.com/' ), 61 ); 62 } 63 64 function invalid_url_provider() { 65 return array( 66 // parse_url() fails 67 array( '' ), 68 array( 'http://:' ), 69 70 // non-safelisted domain 71 array( 'http://non-safelisted.example/' ), 72 73 
// unsupported schemes 74 array( 'data:text/plain;charset=utf-8,Hello%20World!' ), 75 array( 'file:///etc/passwd' ), 76 array( 'ftp://example.com/' ), 77 78 // malformed input 79 array( 'http:example.com' ), 80 array( 'http:80' ), 81 array( 'http://example.com:1234:5678/' ), 82 array( 'http://user:pa:ss@example.com/' ), 83 84 array( 'http://user@@example.com' ), 85 array( 'http://user@:example.com' ), 86 array( 'http://user?@example.com' ), 87 array( 'http://user@?example.com' ), 88 array( 'http://user#@example.com' ), 89 array( 'http://user@#example.com' ), 90 91 array( 'http://user@@example.com/' ), 92 array( 'http://user@:example.com/' ), 93 array( 'http://user?@example.com/' ), 94 array( 'http://user@?example.com/' ), 95 array( 'http://user#@example.com/' ), 96 array( 'http://user@#example.com/' ), 97 98 array( 'http://user:pass@@example.com' ), 99 array( 'http://user:pass@:example.com' ), 100 array( 'http://user:pass?@example.com' ), 101 array( 'http://user:pass@?example.com' ), 102 array( 'http://user:pass#@example.com' ), 103 array( 'http://user:pass@#example.com' ), 104 105 array( 'http://user:pass@@example.com/' ), 106 array( 'http://user:pass@:example.com/' ), 107 array( 'http://user:pass?@example.com/' ), 108 array( 'http://user:pass@?example.com/' ), 109 array( 'http://user:pass#@example.com/' ), 110 array( 'http://user:pass@#example.com/' ), 111 112 array( 'http://user.pass@@example.com' ), 113 array( 'http://user.pass@:example.com' ), 114 array( 'http://user.pass?@example.com' ), 115 array( 'http://user.pass@?example.com' ), 116 array( 'http://user.pass#@example.com' ), 117 array( 'http://user.pass@#example.com' ), 118 119 array( 'http://user.pass@@example.com/' ), 120 array( 'http://user.pass@:example.com/' ), 121 array( 'http://user.pass?@example.com/' ), 122 array( 'http://user.pass@?example.com/' ), 123 array( 'http://user.pass#@example.com/' ), 124 array( 'http://user.pass@#example.com/' ), 125 ); 126 } 22 127 }
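Review bot: The added `setUp()` and `tearDown()` overrides do not call `parent::setUp()` / `parent::tearDown()`, so any fixture setup and cleanup done by `WP_UnitTestCase` (not visible here) is skipped for every test in this class. Add `parent::setUp();` as the first line of `setUp()` and `parent::tearDown();` as the last line of `tearDown()`. In `test_wp_validate_redirect_invalid_url`, `assertEquals( false, ... )` compares loosely, so a return value of `''` or `0` would also pass; `$this->assertFalse( wp_validate_redirect( $url, false ) );` pins the rejection exactly.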