Changeset 45997
- Timestamp:
- 09/04/2019 05:51:33 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
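--- a/trunk/src/wp-includes/kses.php
+++ b/trunk/src/wp-includes/kses.php
@@ -1665,4 +1665,5 @@
 */
 function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
+$string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string );
 $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
 if ( isset( $string2[1] ) && ! preg_match( '%/\?%', $string2[0] ) ) {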
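Review bot: The added `preg_replace()` line at new line 1667 has no comment saying why a `;` is appended, and its pattern has to stay in step with the `preg_split()` pattern on the next line, so a later edit to one can silently reopen the gap. A one-line comment above it would do, e.g. `// Terminate colon entities that lack a trailing ';' so the protocol split below recognises them.` Separately, `preg_replace()` returns `null` on a PCRE error and the result is assigned straight back to `$string`; whether the rest of the function fails closed in that case is not visible here, since the body continues past the hunk.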
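--- a/trunk/tests/phpunit/tests/kses.php
+++ b/trunk/tests/phpunit/tests/kses.php
@@ -146,4 +146,6 @@
 'feed:javascript:alert(1)',
 'feed:javascript:feed:javascript:feed:javascript:alert(1)',
+'javascript:alert(1)',
+'javascript:x=1;alert(1)',
 );
 foreach ( $bad as $k => $x ) {
@@ -166,6 +168,12 @@
 $this->assertEquals( 'feed:alert(1)', $result );
 break;
+case 26:
+$this->assertEquals( 'javascript&#58alert(1)', $result );
+break;
+case 27:
+$this->assertEquals( 'javascript&#x3ax=1;alert(1)', $result );
+break;
 default:
-$this->fail( "wp_kses_bad_protocol failed on $ x. Result: $result" );
+$this->fail( "wp_kses_bad_protocol failed on $k, $x. Result: $result" );
 }
 }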
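Review bot: The new assertions are keyed to array position (`case 26:`, `case 27:`), so inserting or removing an entry earlier in `$bad` would pair these inputs with the wrong expectation; keying `$bad` by input string with the expected output as the value would remove that coupling. Judging by the expected values in cases 26 and 27, the added inputs cover one decimal and one lowercase hex spelling only, while the pattern added in `wp-includes/kses.php` is case-insensitive and appears to tolerate leading zeros, so an uppercase and a zero-padded variant would be worth pinning as regression cases too. The `$bad` array and the `switch` both start outside the visible hunks.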