Changeset 39573 for branches/4.7/src/wp-includes/class-wp-customize-manager.php

Timestamp:

12/12/2016 02:05:22 AM (8 years ago)

Author:

dd32

Message:

Customize: Trim whitespace for URLs supplied for external_header_video to prevent esc_url_raw() from making them invalid.

Props tyxla.
See #38172.
Merges [39560] to the 4.7 branch.
Fixes #39125.

Location:

branches/4.7

Files:

• . (modified) (1 prop)
• src/wp-includes/class-wp-customize-manager.php (modified) (2 diffs)

branches/4.7/src/wp-includes/class-wp-customize-manager.php

@@ -3897 +3897 @@
             'theme_supports'    => array( 'custom-header', 'video' ),
             'transport'         => 'postMessage',
-            'sanitize_callback' => 'esc_url_raw',
+            'sanitize_callback' => array( $this, '_sanitize_external_header_video' ),
             'validate_callback' => array( $this, '_validate_external_header_video' ),
         ) );
@@ -4320 +4320 @@
 
     /**
+     * Callback for sanitizing the external_header_video value.
+     *
+     * @since 4.7.1
+     *
+     * @param string $value URL.
+     * @return string Sanitized URL.
+     */
+    public function _sanitize_external_header_video( $value ) {
+        return esc_url_raw( trim( $value ) );
+    }
+
+    /**
      * Callback for rendering the custom logo, used in the custom_logo partial.
      *