esc_url() fails if the URL's scheme's case does not match the allowed protocol's case

[mdawaffe]

Steps to reproduce:

$url = esc_url( 'HTTP://example.com' );
var_dump( $url );

Expected output:

string(18) "http://example.com"

Actual output:

string(0) ""

From ​http://tools.ietf.org/html/rfc3986:

Although schemes are case-insensitive, the canonical form is lowercase and documents that specify schemes must do so with lowercase letters. An implementation should accept uppercase letters as equivalent to lowercase in scheme names (e.g., allow "HTTP" as well as "http") for the sake of robustness but should only produce lowercase scheme names for consistency.

Patch and unit tests attached.

[alexvorn2]

I think It should validate only for lower case http not HtTp

[SergeyBiryukov]

In 1184/tests:

esc_url() test for scheme case. props mdawaffe. see #23187.

[rmccue]

Replying to alexvorn2:

I think It should validate only for lower case http not HtTp

It's completely case-insensitive, so both of those are equivalent, but the canonical form should always be 'http'.

(From memory, there may be further code in SimplePie_IRI that can be ripped out for this, but that's fairly heavy.)

[nacin]

In 23303:

Treat URL schemes as case insensitive when sanitizing them in esc_url().

props mdawaffe.
fixes #23187.
tests: [1184/tests]

[nacin]

In 23348:

Treat URL schemes as case insensitive when sanitizing them in esc_url().

Merges [23303] to the 3.5 branch.

props mdawaffe.
fixes #23187.