WordPress.org

Make WordPress Core


Ignore:
Timestamp:
12/12/2016 02:05:22 AM (4 years ago)
Author:
dd32
Message:

Customize: Trim whitespace for URLs supplied for external_header_video to prevent esc_url_raw() from making them invalid.

Props tyxla.
See #38172.
Merges [39560] to the 4.7 branch.
Fixes #39125.

Location:
branches/4.7
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.7

  • branches/4.7/src/wp-includes/class-wp-customize-manager.php

    r39571 r39573  
    38973897            'theme_supports'    => array( 'custom-header', 'video' ),
    38983898            'transport'         => 'postMessage',
    3899             'sanitize_callback' => 'esc_url_raw',
     3899            'sanitize_callback' => array( $this, '_sanitize_external_header_video' ),
    39003900            'validate_callback' => array( $this, '_validate_external_header_video' ),
    39013901        ) );
     
    43204320
    43214321    /**
     4322     * Callback for sanitizing the external_header_video value.
     4323     *
     4324     * @since 4.7.1
     4325     *
     4326     * @param string $value URL.
     4327     * @return string Sanitized URL.
     4328     */
     4329    public function _sanitize_external_header_video( $value ) {
     4330        return esc_url_raw( trim( $value ) );
     4331    }
     4332
     4333    /**
    43224334     * Callback for rendering the custom logo, used in the custom_logo partial.
    43234335     *
Note: See TracChangeset for help on using the changeset viewer.