Customize: Restore ability to add Custom Link nav menu items for jump links and other URLs that were previously allowed.

Simplify regular expression for checking URL validity to just do basic checks to confirm the value looks like a URL. Leave the complete validation to the server-side logic in `WP_Customize_Nav_Menu_Item_Setting::sanitize()` to avoid having to maintain two separate codebases for validating URLs. Props westonruter, SergeyBiryukov for testing. Amends [41697]. See #32816. Fixes #42506 for 4.9. Built from https://develop.svn.wordpress.org/branches/4.9@42154 git-svn-id: http://core.svn.wordpress.org/branches/4.9@41985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-25 06:14:58 +02:00 · 2017-11-10 23:43:39 +00:00 · 2017-11-10 23:43:39 +00:00 · 6cc5d01d17
commit 6cc5d01d17
parent 523fcaca2e
3 changed files with 17 additions and 13 deletions
--- a/wp-admin/js/customize-nav-menus.js
+++ b/wp-admin/js/customize-nav-menus.js
@ -537,33 +537,37 @@
 			var menuItem,
 				itemName = $( '#custom-menu-item-name' ),
 				itemUrl = $( '#custom-menu-item-url' ),
-				urlRegex,
-				urlValue;
+				urlRegex;

 			if ( ! this.currentMenuControl ) {
 				return;
 			}

 			/*
-			 * Copyright (c) 2010-2013 Diego Perini, MIT licensed
-			 * https://gist.github.com/dperini/729294
-			 * see also https://mathiasbynens.be/demo/url-regex
-			 * modified to allow protocol-relative URLs
+			 * Allow URLs including:
+			 * - http://example.com/
+			 * - //example.com
+			 * - /directory/
+			 * - ?query-param
+			 * - #target
+			 * - mailto:foo@example.com
+			 *
+			 * Any further validation will be handled on the server when the setting is attempted to be saved,
+			 * so this pattern does not need to be complete.
 			 */
-			urlRegex = /^(?:(?:(?:https?|ftp):)?\/\/)(?:\S+(?::\S*)?@)?(?:(?!(?:10|127)(?:\.\d{1,3}){3})(?!(?:169\.254|192\.168)(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)(?:\.(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)*(?:\.(?:[a-z\u00a1-\uffff]{2,})).?)(?::\d{2,5})?(?:[/?#]\S*)?$/i;
+			urlRegex = /^((\w+:)?\/\/\w.*|\w+:(?!\/\/$)|\/|\?|#)/;

-			urlValue = itemUrl.val();
 			if ( '' === itemName.val() ) {
 				itemName.addClass( 'invalid' );
 				return;
-			} else if ( '' === urlValue || 'http://' === urlValue || ! ( '/' === urlValue[0] || urlRegex.test( urlValue ) ) ) {
+			} else if ( ! urlRegex.test( itemUrl.val() ) ) {
 				itemUrl.addClass( 'invalid' );
 				return;
 			}

 			menuItem = {
 				'title': itemName.val(),
-				'url': urlValue,
+				'url': itemUrl.val(),
 				'type': 'custom',
 				'type_label': api.Menus.data.l10n.custom_label,
 				'object': 'custom'
--- a/wp-admin/js/customize-nav-menus.min.js
+++ b/wp-admin/js/customize-nav-menus.min.js
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.9-RC2-42149';
+$wp_version = '4.9-RC2-42154';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.