From a366e58135a1bb83822bca670a6948f1b443f65b Mon Sep 17 00:00:00 2001
From: Weston Ruter
Date: Sat, 10 Dec 2016 07:00:45 +0000
Subject: [PATCH] Customize: Trim whitespace for URLs supplied for `external_header_video` to prevent `esc_url_raw()` from making them invalid.
Props tyxla. See #38172. Fixes #39125.
Built from https://develop.svn.wordpress.org/trunk@39560
git-svn-id: http://core.svn.wordpress.org/trunk@39500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-customize-manager.php | 14 +++++++++++++-
 wp-includes/version.php | 2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/wp-includes/class-wp-customize-manager.php b/wp-includes/class-wp-customize-manager.php
index 5b68a76943..4ac25232ff 100644
--- a/wp-includes/class-wp-customize-manager.php
+++ b/wp-includes/class-wp-customize-manager.php
@@ -3896,7 +3896,7 @@ final class WP_Customize_Manager {
 $this->add_setting( 'external_header_video', array(
 'theme_supports' => array( 'custom-header', 'video' ),
 'transport' => 'postMessage',
- 'sanitize_callback' => 'esc_url_raw',
+ 'sanitize_callback' => array( $this, '_sanitize_external_header_video' ),
 'validate_callback' => array( $this, '_validate_external_header_video' ),
 ) );
@@ -4318,6 +4318,18 @@ final class WP_Customize_Manager {
 return $validity;
 }
+ /**
+ * Callback for sanitizing the external_header_video value.
+ *
+ * @since 4.7.1
+ *
+ * @param string $value URL.
+ * @return string Sanitized URL.
+ */
+ public function _sanitize_external_header_video( $value ) {
+ return esc_url_raw( trim( $value ) );
+ }
+
 /**
 * Callback for rendering the custom logo, used in the custom_logo partial.
 *
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 5eece559a5..1c14d9df16 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
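Review bot: The `validate_callback` registered right after the changed `sanitize_callback`, `_validate_external_header_video`, is not touched by this commit, so validation and sanitization may now disagree on whitespace-padded input. Its body is outside this hunk, as is the start of the method that registers the setting. If it runs its own URL check on the raw value, a padded URL would be judged on a different string than the one that is eventually stored. Confirm which value it receives and, if it is the unsanitized one, normalize it the same way there with `esc_url_raw( trim( $value ) )`.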
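Review bot: `_sanitize_external_header_video()` passes `$value` straight to `trim()`, and nothing in the method enforces the `string` type its docblock promises; a Customizer setting value presumably originates from request data. A non-string such as an array would make `trim()` raise a warning or, on PHP 8, a `TypeError` instead of yielding an empty URL. A guard as the first line, `if ( ! is_string( $value ) ) { return ''; }`, keeps the sanitizer total. Since the stored value is used as a video source, it may also be worth passing an explicit scheme allow-list, `esc_url_raw( trim( $value ), array( 'http', 'https' ) )`, rather than relying on the default protocol set.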
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.8-alpha-39559';
+$wp_version = '4.8-alpha-39560';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.