Changeset 46895
- Timestamp:
- 12/12/2019 05:52:18 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
trunk/src/wp-includes/kses.php
r46793 r46895 1666 1666 function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) { 1667 1667 $string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string ); 1668 $string2 = preg_split( '/:|�*58;|�*3a; /i', $string, 2 );1668 $string2 = preg_split( '/:|�*58;|�*3a;|:/i', $string, 2 ); 1669 1669 if ( isset( $string2[1] ) && ! preg_match( '%/\?%', $string2[0] ) ) { 1670 1670 $string = trim( $string2[1] ); -
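Review bot: The split pattern on new line 1668 carries no comment saying which spellings of the colon it has to cover, and this page's own rendering shows how easily those alternatives become unreadable. The added alternative appears here as a second literal `:`; judging by the new test input `javascript&CoLon;alert(1)` it is presumably the named colon entity, matched in any letter case because of the `/i` flag. I would put a line above the `preg_split()` such as `// Split at the first colon in any spelling: literal, decimal or hex numeric entity, or the named entity (any letter case).` so a later edit does not drop one of them. The `preg_replace()` on line 1667 only repairs numeric entities that lack a semicolon, which is worth stating in the same comment; the body of `wp_kses_bad_protocol_once()` continues outside this hunk.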
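--- a/trunk/tests/phpunit/tests/kses.php
+++ b/trunk/tests/phpunit/tests/kses.php
@@ -180,4 +180,26 @@
 }
 
+$bad_not_normalized = array(
+'dummy:alert(1)',
+'javascript:alert(1)',
+'javascript&CoLon;alert(1)',
+'javascript:alert(1);',
+'javascript:alert(1);',
+'javascript:alert(1);',
+'javascript:alert(1);',
+'jav ascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:alert(1)',
+);
+foreach ( $bad_not_normalized as $k => $x ) {
+$result = wp_kses_bad_protocol( $x, wp_allowed_protocols() );
+if ( ! empty( $result ) && 'alert(1);' !== $result && 'alert(1)' !== $result ) {
+$this->fail( "wp_kses_bad_protocol failed on $k, $x. Result: $result" );
+}
+}
+
 $safe = array(
 'dummy:alert(1)',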
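Review bot: The check inside the new `foreach` accepts an empty result as well as `alert(1);` and `alert(1)` for every input, so a regression that returned an empty string for all thirteen cases would still pass, and `empty()` would also let the string `'0'` through. Keying the array by input with the exact expected output and asserting per case, e.g. `$this->assertSame( $expected, wp_kses_bad_protocol( $input, wp_allowed_protocols() ), "input: $input" );`, would pin what the sanitizer must return. Several entries look identical on this page, probably because the viewer decoded the entities inside the string literals, so it is worth confirming in the file that each case is a distinct encoding. The enclosing test method starts and ends outside the hunk.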