Changeset 46016
- Timestamp:
- 09/04/2019 06:37:11 PM (5 years ago)
- Location:
- branches/3.9
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/3.9
-
branches/3.9/src/wp-includes/kses.php
r44045 r46016 1335 1335 */ 1336 1336 function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) { 1337 $string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string ); 1337 1338 $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 ); 1338 1339 if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) { -
branches/3.9/tests/phpunit/tests/kses.php
r33386 r46016 138 138 'feed:javascript:alert(1)', 139 139 'feed:javascript:feed:javascript:feed:javascript:alert(1)', 140 'javascript:alert(1)', 141 'javascript:x=1;alert(1)', 140 142 ); 141 143 foreach ( $bad as $k => $x ) { … … 147 149 $this->assertEquals( str_replace( '&', '&', $x ), $result ); 148 150 break; 149 case 22: $this->assertEquals( 'javascript&#0000058alert(1);', $result ); break; 150 case 23: $this->assertEquals( 'javascript&#0000058alert(1)//?:', $result ); break; 151 case 24: $this->assertEquals( 'feed:alert(1)', $result ); break; 152 default: $this->fail( "wp_kses_bad_protocol failed on $x. Result: $result" ); 151 case 22: 152 $this->assertEquals( 'javascript&#0000058alert(1);', $result ); 153 break; 154 case 23: 155 $this->assertEquals( 'javascript&#0000058alert(1)//?:', $result ); 156 break; 157 case 24: 158 $this->assertEquals( 'feed:alert(1)', $result ); 159 break; 160 case 26: 161 $this->assertEquals( 'javascript&#58alert(1)', $result ); 162 break; 163 case 27: 164 $this->assertEquals( 'javascript&#x3ax=1;alert(1)', $result ); 165 break; 166 default: 167 $this->fail( "wp_kses_bad_protocol failed on $k, $x. Result: $result" ); 153 168 } 154 169 }
Note: See TracChangeset
for help on using the changeset viewer.