Changeset 53455 for trunk/src/wp-includes/class-wp-customize-manager.php
- Timestamp:
- 06/01/2022 06:12:25 PM (2 years ago)
- File:
-
- 1 edited
trunk/src/wp-includes/class-wp-customize-manager.php
r53393 r53455 2112 2112 2113 2113 // Note that the REQUEST_URI is not passed into home_url() since this breaks subdirectory installations. 2114 $self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );2114 $self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ) ); 2115 2115 $state_query_params = array( 2116 2116 'customize_theme', … … 2159 2159 'url' => array( 2160 2160 'self' => $self_url, 2161 'allowed' => array_map( ' esc_url_raw', $this->get_allowed_urls() ),2161 'allowed' => array_map( 'sanitize_url', $this->get_allowed_urls() ), 2162 2162 'allowedHosts' => array_unique( $allowed_hosts ), 2163 2163 'isCrossDomain' => $this->is_cross_domain(), … … 4575 4575 */ 4576 4576 public function set_preview_url( $preview_url ) { 4577 $preview_url = esc_url_raw( $preview_url );4577 $preview_url = sanitize_url( $preview_url ); 4578 4578 $this->preview_url = wp_validate_redirect( $preview_url, home_url( '/' ) ); 4579 4579 } … … 4663 4663 */ 4664 4664 public function set_return_url( $return_url ) { 4665 $return_url = esc_url_raw( $return_url );4665 $return_url = sanitize_url( $return_url ); 4666 4666 $return_url = remove_query_arg( wp_removable_query_args(), $return_url ); 4667 4667 $return_url = wp_validate_redirect( $return_url ); … … 4895 4895 ), 4896 4896 'url' => array( 4897 'preview' => esc_url_raw( $this->get_preview_url() ),4898 'return' => esc_url_raw( $this->get_return_url() ),4899 'parent' => esc_url_raw( admin_url() ),4900 'activated' => esc_url_raw( home_url( '/' ) ),4901 'ajax' => esc_url_raw( admin_url( 'admin-ajax.php', 'relative' ) ),4902 'allowed' => array_map( ' esc_url_raw', $this->get_allowed_urls() ),4897 'preview' => sanitize_url( $this->get_preview_url() ), 4898 'return' => sanitize_url( $this->get_return_url() ), 4899 'parent' => sanitize_url( admin_url() ), 4900 'activated' => sanitize_url( home_url( '/' ) ), 4901 'ajax' => 
sanitize_url( admin_url( 'admin-ajax.php', 'relative' ) ), 4902 'allowed' => array_map( 'sanitize_url', $this->get_allowed_urls() ), 4903 4903 'isCrossDomain' => $this->is_cross_domain(), 4904 'home' => esc_url_raw( home_url( '/' ) ),4905 'login' => esc_url_raw( $login_url ),4904 'home' => sanitize_url( home_url( '/' ) ), 4905 'login' => sanitize_url( $login_url ), 4906 4906 ), 4907 4907 'browser' => array( … … 6007 6007 } 6008 6008 } elseif ( 'background_image' === $setting->id || 'background_image_thumb' === $setting->id ) { 6009 $value = empty( $value ) ? '' : esc_url_raw( $value );6009 $value = empty( $value ) ? '' : sanitize_url( $value ); 6010 6010 } else { 6011 6011 return new WP_Error( 'unrecognized_setting', __( 'Unrecognized background setting.' ) ); … … 6080 6080 */ 6081 6081 public function _validate_external_header_video( $validity, $value ) { 6082 $video = esc_url_raw( $value );6082 $video = sanitize_url( $value ); 6083 6083 if ( $video ) { 6084 6084 if ( ! preg_match( '#^https?://(?:www\.)?(?:youtube\.com/watch|youtu\.be/)#', $video ) ) { … … 6098 6098 */ 6099 6099 public function _sanitize_external_header_video( $value ) { 6100 return esc_url_raw( trim( $value ) );6100 return sanitize_url( trim( $value ) ); 6101 6101 } 6102 6102
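Review bot: In `_validate_external_header_video()`, a non-empty value that `sanitize_url()` reduces to an empty string never reaches the YouTube pattern check, because the guard is `if ( $video )`. From the visible lines such input appears to be accepted as valid rather than reported to the user. Testing the raw input as well, for example `if ( $video || '' !== trim( (string) $value ) ) {`, would let the existing `preg_match()` fail on the empty result and take whatever error path follows it. The function body continues outside the hunk, so confirm that no later branch already covers this case.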