Changeset 46004
- Timestamp:
- 09/04/2019 06:10:34 PM (5 years ago)
- Location:
- branches/5.0
- Files:
-
- 3 edited
branches/5.0
-
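--- a/branches/5.0/src/wp-includes/kses.php
+++ b/branches/5.0/src/wp-includes/kses.php
@@ -1408,4 +1408,5 @@
 */
 function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
+$string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string );
 $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
 if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {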
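Review bot: The `preg_replace` line added at the top of `wp_kses_bad_protocol_once` carries no comment, and its purpose cannot be read off the pattern alone. Judging by the test cases in this changeset, it appends the missing `;` to colon character references so that the `preg_split` on the following line, which only matches `:` and the semicolon-terminated references, still finds the scheme separator. I would put a comment above it, for example `// Add the missing semicolon to colon character references so the protocol split below recognises them.` `preg_replace` also returns null on a PCRE error and the result goes straight into `preg_split`; whether that fails safely depends on the rest of the function, which lies outside this hunk.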
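--- a/branches/5.0/tests/phpunit/tests/kses.php
+++ b/branches/5.0/tests/phpunit/tests/kses.php
@@ -145,4 +145,6 @@
 'feed:javascript:alert(1)',
 'feed:javascript:feed:javascript:feed:javascript:alert(1)',
+'javascript:alert(1)',
+'javascript:x=1;alert(1)',
 );
 foreach ( $bad as $k => $x ) {
@@ -157,5 +159,12 @@
 case 23: $this->assertEquals( 'javascript&#0000058alert(1)//?:', $result ); break;
 case 24: $this->assertEquals( 'feed:alert(1)', $result ); break;
-default: $this->fail( "wp_kses_bad_protocol failed on $x. Result: $result" );
+case 26:
+$this->assertEquals( 'javascript&#58alert(1)', $result );
+break;
+case 27:
+$this->assertEquals( 'javascript&#x3ax=1;alert(1)', $result );
+break;
+default:
+$this->fail( "wp_kses_bad_protocol failed on $k, $x. Result: $result" );
 }
 }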
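Review bot: The two inputs added to `$bad` exercise only the lowercase, unpadded forms of the semicolon-less colon reference, so the case-insensitive flag on the new pattern in kses.php is not pinned by any test. I would add the uppercase-hex twin of the second input, for example the constructed value `'javascript&#X3Ax=1;alert(1)',`, together with its own `case` in the switch. The expected output for that case depends on how `$result` is produced, and the loop body and the start of the switch lie outside these hunks, so the value has to be taken from a run rather than guessed. Because expectations are matched by array position (`case 26`, `case 27`), the new entry should be appended at the end of `$bad` so the existing case numbers do not shift.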