Opened 13 years ago
Closed 13 years ago
#19665 closed defect (bug) (fixed)
Plugin installer beaks https URLs
Reported by: | sirzooro | Owned by: | duck_ |
---|---|---|---|
Milestone: | 3.4 | Priority: | normal |
Severity: | normal | Version: | 3.3 |
Component: | Upgrade/Install | Keywords: | has-patch |
Focuses: | Cc: |
Description
From plugin installer search for plugin which has https link(s) in its readme.txt (e.g. AntiVirus). When you show details for such plugin, all https links will be broken - they will be prefixed by link to plugin's page in repository. I am not sure if API returns such links, or this prefix is added on WP side.
These link(s) are displayed correctly on wordpress.org plugin's page.
Attachments (3)
Change History (8)
#1
@
13 years ago
- Keywords has-patch added; needs-patch removed
- Milestone changed from Awaiting Review to 3.4
#2
@
13 years ago
19665.2.diff doesn't prepend anything that starts with a protocol like string (e.g. mailto:, irc:, svn:) and ensures that the URL actually begins with said protocol rather than just appearing somewhere in it.
#3
@
13 years ago
@duck_: mailto protocol does not use slashes - e.g. mailto:someone@somewhere.com
. So your path should look for ":" after word only.
#4
@
13 years ago
19665.3.patch uses wp_allowed_protocols()
for additional validation.
Links in plugin descriptions go through
links_add_base_url().
The problem is that
_links_add_base()
only checks forhttp
:http://core.trac.wordpress.org/browser/tags/3.3/wp-includes/formatting.php#L2815