Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Bail out early from `esc_url()` if the URL becomes empty after stripping out disallowed characters. 

Fixes #28015
Props jesin for the unit test

Built from https://develop.svn.wordpress.org/trunk@33923


git-svn-id: http://core.svn.wordpress.org/trunk@33892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
John Blackbourn 2015-09-05 21:29:25 +00:00
parent 9e6f9a5d93
commit bdde0261bc
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
wp-includes/formatting.php
View File

@ -3277,6 +3277,11 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
$url = str_replace( ' ', '%20', $url );
$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
if ( '' === $url ) {
return $url;
}
if ( 0 !== stripos( $url, 'mailto:' ) ) {
$strip = array('%0d', '%0a', '%0D', '%0A');
$url = _deep_replace($strip, $url);

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.4-alpha-33922';
$wp_version = '4.4-alpha-33923';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.