Changeset 46908
- Timestamp:
- 12/12/2019 06:37:13 PM (5 years ago)
- Location:
- branches/4.0
- Files:
-
- 3 edited
branches/4.0
-
branches/4.0/src/wp-includes/kses.php
r46015 r46908 1342 1342 function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) { 1343 1343 $string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string ); 1344 $string2 = preg_split( '/:|�*58;|�*3a; /i', $string, 2 );1344 $string2 = preg_split( '/:|�*58;|�*3a;|:/i', $string, 2 ); 1345 1345 if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) { 1346 1346 $string = trim( $string2[1] ); -
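Review bot: The split pattern in `wp_kses_bad_protocol_once` now carries four alternatives, and nothing in the hunk says which colon spellings they stand for, so a reader cannot tell whether a given encoding is covered. As rendered on this page the added alternative shows up as a second bare `:`, which is presumably a decoded named colon entity (the new test case `javascript&CoLon;alert(1)` points that way). A comment above the `preg_split` call would pin this down: `// Split on the first colon in any spelling: literal, decimal entity, hex entity, or named entity (case-insensitive via /i).` The same comment should say that this list has to stay in step with whatever entity decoding is applied to the value later, because a spelling decoded downstream but missing here would pass the protocol check untouched. The function body continues outside the hunk.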
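--- a/branches/4.0/tests/phpunit/tests/kses.php
+++ b/branches/4.0/tests/phpunit/tests/kses.php
@@ -170,4 +170,26 @@
 }
 
+$bad_not_normalized = array(
+'dummy:alert(1)',
+'javascript:alert(1)',
+'javascript&CoLon;alert(1)',
+'javascript:alert(1);',
+'javascript:alert(1);',
+'javascript:alert(1);',
+'javascript:alert(1);',
+'jav ascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:alert(1)',
+);
+foreach ( $bad_not_normalized as $k => $x ) {
+$result = wp_kses_bad_protocol( $x, wp_allowed_protocols() );
+if ( ! empty( $result ) && 'alert(1);' !== $result && 'alert(1)' !== $result ) {
+$this->fail( "wp_kses_bad_protocol failed on $k, $x. Result: $result" );
+}
+}
+
 $safe = array(
 'dummy:alert(1)',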
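Review bot: The acceptance check in the new loop is loose: an input passes if the result is empty, `alert(1);` or `alert(1)`, so an entry ending in `;` that comes back without it (or the reverse) still counts as a pass. Pairing each input with its exact expected output would pin the behaviour, e.g. `foreach ( $bad_not_normalized as $input => $expected ) {` with `$this->assertSame( $expected, wp_kses_bad_protocol( $input, wp_allowed_protocols() ) );`. Several entries look identical on this page, most likely because the viewer decoded the entities inside the string literals, so the raw file should be checked before judging how many distinct encodings are covered. The enclosing test method starts and ends outside the hunk.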