Changeset 42154

Timestamp:

11/10/2017 11:42:15 PM (7 years ago)

Author:

westonruter

Message:

Customize: Restore ability to add Custom Link nav menu items for jump links and other URLs that were previously allowed.

Simplify regular expression for checking URL validity to just do basic checks to confirm the value looks like a URL. Leave the complete validation to the server-side logic in WP_Customize_Nav_Menu_Item_Setting::sanitize() to avoid having to maintain two separate codebases for validating URLs.

Props westonruter, SergeyBiryukov for testing.
Amends [41697].
See #32816.
Fixes #42506 for 4.9.

Location:

branches/4.9

Files:

• . (modified) (1 prop)
• src/wp-admin/js/customize-nav-menus.js (modified) (3 diffs)

branches/4.9/src/wp-admin/js/customize-nav-menus.js

@@ -538 +538 @@
                 itemName = $( '#custom-menu-item-name' ),
                 itemUrl = $( '#custom-menu-item-url' ),
-                urlRegex,
-                urlValue;
+                urlRegex;
 
             if ( ! this.currentMenuControl ) {
@@ -546 +545 @@
 
             /*
-             * Copyright (c) 2010-2013 Diego Perini, MIT licensed
-             * https://gist.github.com/dperini/729294
-             * see also https://mathiasbynens.be/demo/url-regex
-             * modified to allow protocol-relative URLs
+             * Allow URLs including:
+             * - http://example.com/
+             * - //example.com
+             * - /directory/
+             * - ?query-param
+             * - #target
+             * - mailto:foo@example.com
+             *
+             * Any further validation will be handled on the server when the setting is attempted to be saved,
+             * so this pattern does not need to be complete.
              */
-            urlRegex = /^(?:(?:(?:https?|ftp):)?\/\/)(?:\S+(?::\S*)?@)?(?:(?!(?:10|127)(?:\.\d{1,3}){3})(?!(?:169\.254|192\.168)(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)(?:\.(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)*(?:\.(?:[a-z\u00a1-\uffff]{2,})).?)(?::\d{2,5})?(?:[/?#]\S*)?$/i;
-
-            urlValue = itemUrl.val();
+            urlRegex = /^((\w+:)?\/\/\w.*|\w+:(?!\/\/$)|\/|\?|#)/;
+
             if ( '' === itemName.val() ) {
                 itemName.addClass( 'invalid' );
                 return;
-            } else if ( '' === urlValue || 'http://' === urlValue || ! ( '/' === urlValue[0] || urlRegex.test( urlValue ) ) ) {
+            } else if ( ! urlRegex.test( itemUrl.val() ) ) {
                 itemUrl.addClass( 'invalid' );
                 return;
@@ -564 +568 @@
             menuItem = {
                 'title': itemName.val(),
-                'url': urlValue,
+                'url': itemUrl.val(),
                 'type': 'custom',
                 'type_label': api.Menus.data.l10n.custom_label,