Changeset 46000
- Timestamp:
- 09/04/2019 05:56:11 PM (5 years ago)
- Location:
- branches/5.2
- Files:
-
- 3 edited
branches/5.2
-
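--- a/branches/5.2/src/wp-includes/kses.php
+++ b/branches/5.2/src/wp-includes/kses.php
@@ -1658,4 +1658,5 @@
 */
 function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
+$string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string );
 $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
 if ( isset( $string2[1] ) && ! preg_match( '%/\?%', $string2[0] ) ) {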
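Review bot: The `preg_replace` added at new line 1660 carries no comment, and its purpose is not obvious from the pattern: the split on the following line only recognises numeric colon references that end in `;`, while HTML parsers also accept them without the terminator. I would put `// Terminate bare numeric colon entities so the protocol split below cannot miss them.` above it, and mention that the negative lookaheads stop a longer number for a different code point from being rewritten. The split pattern visible here lists the literal colon and the two numeric forms only; whether the named `&colon;` reference is normalised before this point cannot be seen from the hunk and is worth confirming. The function body continues past the last visible line.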
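--- a/branches/5.2/tests/phpunit/tests/kses.php
+++ b/branches/5.2/tests/phpunit/tests/kses.php
@@ -145,4 +145,6 @@
 'feed:javascript:alert(1)',
 'feed:javascript:feed:javascript:feed:javascript:alert(1)',
+'javascript:alert(1)',
+'javascript:x=1;alert(1)',
 );
 foreach ( $bad as $k => $x ) {
@@ -165,6 +167,12 @@
 $this->assertEquals( 'feed:alert(1)', $result );
 break;
+case 26:
+$this->assertEquals( 'javascript&#58alert(1)', $result );
+break;
+case 27:
+$this->assertEquals( 'javascript&#x3ax=1;alert(1)', $result );
+break;
 default:
-$this->fail( "wp_kses_bad_protocol failed on $ x. Result: $result" );
+$this->fail( "wp_kses_bad_protocol failed on $k, $x. Result: $result" );
 }
 }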
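Review bot: Judging by the expected strings in `case 26:` and `case 27:`, the two entries added to `$bad` cover only the shortest lower-case spelling of each unterminated reference, while the pattern added in kses.php also allows leading zeros (`0*`) and is case-insensitive (`/i`). Neither property is pinned by a test, so a later edit to the regex could drop one without any failure here. I would add one zero-padded decimal entry and one upper-case hexadecimal entry to `$bad`, each with its own `case` pinning the expected output. The new cases also depend on the array position of those entries, so a short comment such as `// 26, 27: numeric colon entities without a trailing semicolon.` would help whoever next inserts a row. The enclosing test method starts and ends outside the visible hunks, so how `$result` is produced is not shown.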