Changeset 46023
- Timestamp:
- 09/04/2019 06:42:14 PM (5 years ago)
- Location:
- branches/3.7
- Files:
-
- 4 edited
-
branches/3.7
-
branches/3.7/src
- Property svn:mergeinfo changed
/trunk/src merged: 45997
- Property svn:mergeinfo changed
-
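--- a/branches/3.7/src/wp-includes/kses.php
+++ b/branches/3.7/src/wp-includes/kses.php
@@ -1307,4 +1307,5 @@
 */
 function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
+$string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string );
 $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
 if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {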
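Review bot: The added `preg_replace()` line has no comment, and its purpose is hard to read off the pattern; a line above it such as `// Append the missing ';' to numeric colon entities so the preg_split() below treats them as the protocol separator.` would make the intent clear. `preg_replace()` returns null on a PCRE error and the result is assigned straight back to `$string`. The rest of `wp_kses_bad_protocol_once` lies outside the hunk, so confirm that a null here ends in an empty, rejected value rather than a path that keeps the unfiltered input. The lookaheads `(?![;0-9])` and `(?![;a-f0-9])` presumably exist so that an entity followed by another digit, which is a different code point, is left alone; the comment should say so.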
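--- a/branches/3.7/tests/phpunit/tests/kses.php
+++ b/branches/3.7/tests/phpunit/tests/kses.php
@@ -138,4 +138,6 @@
 'feed:javascript:alert(1)',
 'feed:javascript:feed:javascript:feed:javascript:alert(1)',
+'javascript:alert(1)',
+'javascript:x=1;alert(1)',
 );
 foreach ( $bad as $k => $x ) {
@@ -147,8 +149,21 @@
 $this->assertEquals( str_replace( '&', '&', $x ), $result );
 break;
-case 22: $this->assertEquals( 'javascript&#0000058alert(1);', $result ); break;
-case 23: $this->assertEquals( 'javascript&#0000058alert(1)//?:', $result ); break;
-case 24: $this->assertEquals( 'feed:alert(1)', $result ); break;
-default: $this->fail( "wp_kses_bad_protocol failed on $x. Result: $result" );
+case 22:
+$this->assertEquals( 'javascript&#0000058alert(1);', $result );
+break;
+case 23:
+$this->assertEquals( 'javascript&#0000058alert(1)//?:', $result );
+break;
+case 24:
+$this->assertEquals( 'feed:alert(1)', $result );
+break;
+case 26:
+$this->assertEquals( 'javascript&#58alert(1)', $result );
+break;
+case 27:
+$this->assertEquals( 'javascript&#x3ax=1;alert(1)', $result );
+break;
+default:
+$this->fail( "wp_kses_bad_protocol failed on $k, $x. Result: $result" );
 }
 }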
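Review bot: The new expectations are bound to list positions (`case 26:`, `case 27:`), so inserting or reordering an entry in `$bad` re-points them at the wrong input. Keying the expected output by the input string, for example `$expected = array( $input => $output );` looked up with `isset( $expected[ $x ] )`, would remove that coupling. Both added inputs appear to use lower-case entity forms, while the pattern added in `wp_kses_bad_protocol_once` is case-insensitive (`/i`), so an upper-case hex variant without the semicolon would be a useful extra regression entry. The `$bad` array and the `foreach` body both start outside the visible hunks. The string literals on this page look entity-decoded by the viewer, so check the exact inputs against the repository before relying on them.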