Changeset 36454 for branches/3.7
- Timestamp:
- 02/02/2016 04:59:34 PM (9 years ago)
- Location:
- branches/3.7
- Files:
-
- 2 edited
branches/3.7/src/wp-includes/pluggable.php
r30416 r36454 977 977 $test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location; 978 978 979 $lp = parse_url($test); 979 // @-operator is used to prevent possible warnings in PHP < 5.3.3. 980 $lp = @parse_url($test); 980 981 981 982 // Give up if malformed URL … … 987 988 return $default; 988 989 989 // Reject if scheme isset but host is not. This catches urls like https:host.com for which parse_url does not set the host field.990 if ( isset($lp['scheme']) && !isset($lp['host']) )990 // Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field. 991 if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) { 991 992 return $default; 993 } 994 995 // Reject malformed components parse_url() can return on odd inputs. 996 foreach ( array( 'user', 'pass', 'host' ) as $component ) { 997 if ( isset( $lp[ $component ] ) && strpbrk( $lp[ $component ], ':/?#@' ) ) { 998 return $default; 999 } 1000 } 992 1001 993 1002 $wpp = parse_url(home_url()); -
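Review bot: The new component loop relies on the truthiness of `strpbrk()`'s return value and leaves the character set `':/?#@'` unexplained. The result is correct as written, because a match always begins with one of those characters and so is never an empty or `'0'` string, but `false !== strpbrk( $lp[ $component ], ':/?#@' )` states the intent and stays correct if the set is edited later. A comment such as `// URL delimiters should never remain inside a parsed user, pass or host; if one does, parse_url() mis-split the input.` would record why these five characters were chosen. The enclosing function, presumably wp_validate_redirect() given the tests in this changeset, starts and ends outside the visible hunks, so the allowed-host comparison that follows cannot be checked from here.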
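--- a/branches/3.7/tests/phpunit/tests/formatting/redirect.php
+++ b/branches/3.7/tests/phpunit/tests/formatting/redirect.php
@@ -4,6 +4,19 @@
 * @group pluggable
 * @group formatting
+* @group redirect
 */
 class Tests_Formatting_Redirect extends WP_UnitTestCase {
+function setUp() {
+add_filter( 'home_url', array( $this, 'home_url' ) );
+}
+
+function tearDown() {
+remove_filter( 'home_url', array( $this, 'home_url' ) );
+}
+
+function home_url() {
+return 'http://example.com/';
+}
+
 function test_wp_sanitize_redirect() {
 $this->assertEquals('http://example.com/watchthelinefeedgo', wp_sanitize_redirect('http://example.com/watchthelinefeed%0Ago'));
@@ -15,3 +28,95 @@
 $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
 }
+
+/**
+* @dataProvider valid_url_provider
+*/
+function test_wp_validate_redirect_valid_url( $url, $expected ) {
+$this->assertEquals( $expected, wp_validate_redirect( $url ) );
+}
+
+/**
+* @dataProvider invalid_url_provider
+*/
+function test_wp_validate_redirect_invalid_url( $url ) {
+$this->assertEquals( false, wp_validate_redirect( $url, false ) );
+}
+
+function valid_url_provider() {
+return array(
+array( 'http://example.com', 'http://example.com' ),
+array( 'http://example.com/', 'http://example.com/' ),
+array( 'https://example.com/', 'https://example.com/' ),
+array( '//example.com', 'http://example.com' ),
+array( '//example.com/', 'http://example.com/' ),
+array( 'http://example.com/?foo=http://example.com/', 'http://example.com/?foo=http://example.com/' ),
+array( 'http://user@example.com/', 'http://user@example.com/' ),
+array( 'http://user:@example.com/', 'http://user:@example.com/' ),
+array( 'http://user:pass@example.com/', 'http://user:pass@example.com/' ),
+);
+}
+
+function invalid_url_provider() {
+return array(
+// parse_url() fails
+array( '' ),
+array( 'http://:' ),
+
+// non-safelisted domain
+array( 'http://non-safelisted.example/' ),
+
+// unsupported schemes
+array( 'data:text/plain;charset=utf-8,Hello%20World!' ),
+array( 'file:///etc/passwd' ),
+array( 'ftp://example.com/' ),
+
+// malformed input
+array( 'http:example.com' ),
+array( 'http:80' ),
+array( 'http://example.com:1234:5678/' ),
+array( 'http://user:pa:ss@example.com/' ),
+
+array( 'http://user@@example.com' ),
+array( 'http://user@:example.com' ),
+array( 'http://user?@example.com' ),
+array( 'http://user@?example.com' ),
+array( 'http://user#@example.com' ),
+array( 'http://user@#example.com' ),
+
+array( 'http://user@@example.com/' ),
+array( 'http://user@:example.com/' ),
+array( 'http://user?@example.com/' ),
+array( 'http://user@?example.com/' ),
+array( 'http://user#@example.com/' ),
+array( 'http://user@#example.com/' ),
+
+array( 'http://user:pass@@example.com' ),
+array( 'http://user:pass@:example.com' ),
+array( 'http://user:pass?@example.com' ),
+array( 'http://user:pass@?example.com' ),
+array( 'http://user:pass#@example.com' ),
+array( 'http://user:pass@#example.com' ),
+
+array( 'http://user:pass@@example.com/' ),
+array( 'http://user:pass@:example.com/' ),
+array( 'http://user:pass?@example.com/' ),
+array( 'http://user:pass@?example.com/' ),
+array( 'http://user:pass#@example.com/' ),
+array( 'http://user:pass@#example.com/' ),
+
+array( 'http://user.pass@@example.com' ),
+array( 'http://user.pass@:example.com' ),
+array( 'http://user.pass?@example.com' ),
+array( 'http://user.pass@?example.com' ),
+array( 'http://user.pass#@example.com' ),
+array( 'http://user.pass@#example.com' ),
+
+array( 'http://user.pass@@example.com/' ),
+array( 'http://user.pass@:example.com/' ),
+array( 'http://user.pass?@example.com/' ),
+array( 'http://user.pass@?example.com/' ),
+array( 'http://user.pass#@example.com/' ),
+array( 'http://user.pass@#example.com/' ),
+);
+}
 }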
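Review bot: The added `setUp()` and `tearDown()` override the `WP_UnitTestCase` hooks without calling the parent, so the base fixture setup and cleanup are skipped for every test in this class. Add `parent::setUp();` as the first statement of `setUp()` and `parent::tearDown();` as the last statement of `tearDown()`, so the `home_url` filter is removed before the base class restores state. In `test_wp_validate_redirect_invalid_url`, `assertEquals( false, ... )` compares loosely and would also pass for `''`, `0` or `null`. Use `$this->assertSame( false, wp_validate_redirect( $url, false ) );` so the test confirms the rejection path returns exactly the supplied default.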