From 3e41af84892eeb7df961ef81ac57981a6b7a7fe0 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Tue, 10 Sep 2013 18:08:11 +0000
Subject: [PATCH] Better protocol validation in set_url_scheme().
Built from https://develop.svn.wordpress.org/trunk@25319
git-svn-id: http://core.svn.wordpress.org/trunk@25281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/link-template.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php
index 26e37ce4ed..124b6ad3cf 100644
--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -2240,10 +2240,17 @@ function set_url_scheme( $url, $scheme = null ) {
 $scheme = ( is_ssl() ? 'https' : 'http' );
 }
- if ( 'relative' == $scheme )
- $url = preg_replace( '#^.+://[^/]*#', '', $url );
- else
- $url = preg_replace( '#^.+://#', $scheme . '://', $url );
+ $url = trim( $url );
+ if ( $url[0] === '/' && $url[1] === '/' )
+ $url = 'http:' . $url;
+
+ if ( 'relative' == $scheme ) {
+ $url = ltrim( preg_replace( '#^\w+://[^/]*#', '', $url ) );
+ if ( $url[0] === '/' )
+ $url = '/' . ltrim($url , "/ \t\n\r\0\x0B" );
+ } else {
+ $url = preg_replace( '#^\w+://#', $scheme . '://', $url );
+ }
 return apply_filters( 'set_url_scheme', $url, $scheme, $orig_scheme );
 }
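Review bot: The added offset reads `$url[0]` and `$url[1]` run on a string that can be empty or one character long after `trim()`, and the `$url[0] === '/'` test in the `relative` branch hits the same case when the input is only a scheme and host (a constructed example is `http://example.test`, which the `preg_replace` reduces to an empty string), so PHP raises an uninitialized string offset notice, a warning on newer PHP versions. Checking length first avoids it: `if ( substr( $url, 0, 2 ) === '//' )` for the protocol-relative test and `if ( $url !== '' && $url[0] === '/' )` for the slash collapse. Separately, `\w+` does not cover the `+`, `-` and `.` characters that RFC 3986 allows in a scheme, so a URL with such a scheme leaves the `relative` branch still absolute; either widen the class (for example `#^[a-z][a-z0-9+.\-]*://[^/]*#i`) or add a comment that the `relative` result is not by itself proof of a same-host path. The body of `set_url_scheme()` starts above this hunk, so any earlier handling of `$url` is not visible here.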