From 91712711eb088fae8ae3737b4c19aa9f76008ec1 Mon Sep 17 00:00:00 2001
From: Aaron Jorbin
Date: Fri, 3 Jul 2015 14:28:23 +0000
Subject: [PATCH] Don't strip newline in esc_url() when protocol is mailto: The mailto protocol is a bit different than the other protocols in that new lines are something you might realistically want to include. Includes tests to make sure that http protocol urls that contain mailto: aren't affected. Tests for stripping newlines in general already exist. Fixes #31632 Props danielbachhuber Built from https://develop.svn.wordpress.org/trunk@33064 git-svn-id: http://core.svn.wordpress.org/trunk@33035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
wp-admin/about.php | 2 +-
wp-includes/formatting.php | 6 ++++--
wp-includes/version.php | 2 +-
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/wp-admin/about.php b/wp-admin/about.php
index 1f387eb9b1..ef81bd3714 100644
--- a/wp-admin/about.php
+++ b/wp-admin/about.php
@@ -41,7 +41,7 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
- +

diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 987b4af382..f430a5767a 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -3159,8 +3159,10 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
 if ( '' == $url )
 return $url;
 $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
- $strip = array('%0d', '%0a', '%0D', '%0A');
- $url = _deep_replace($strip, $url);
+ if ( 0 !== stripos( $url, 'mailto:' ) ) {
+ $strip = array('%0d', '%0a', '%0D', '%0A');
+ $url = _deep_replace($strip, $url);
+ }
 $url = str_replace(';//', '://', $url);
 /* If the URL doesn't appear to contain a scheme, we
 * presume it needs http:// appended (unless a relative
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 3bad7925e4..9d7733c2b2 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.3-beta1-33062';
+$wp_version = '4.3-beta1-33064';
 
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
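Review bot: In the wp-includes/formatting.php hunk, the new `if ( 0 !== stripos( $url, 'mailto:' ) )` guard exempts the entire mailto: URL from `%0d`/`%0a` stripping, so the recipient part and any header fields in the query keep encoded CR/LF, not just body text. The signature in the hunk header shows one function serving every `$_context`, so callers that relied on esc_url() output being free of encoded line breaks lose that guarantee for mailto: values, and any code that later decodes such a URL into mail headers needs its own CR/LF check. I would document this above the guard, e.g. `// mailto: keeps encoded CR/LF for body text; re-check before decoding the result into mail headers.`, and consider still stripping the portion before the first `?`. The body of esc_url() begins and ends outside the hunk, so whether later protocol filtering narrows the exemption cannot be seen here.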