Skip protocol checking in esc_url() when we are dealing with a relative URL. Prevents munging of colons in paths and query strings, when present in a protocol-relative URL.

props SergeyBiryukov. fixes #21974. git-svn-id: http://core.svn.wordpress.org/trunk@24642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-12-22 17:18:32 +01:00 · 2013-07-10 13:45:22 +00:00 · 2013-07-10 13:45:22 +00:00 · bfb3b89672
commit bfb3b89672
parent ca64e771da
1 changed files with 9 additions and 5 deletions
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@ -2645,11 +2645,15 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
 		$url = str_replace( "'", '&#039;', $url );
 	}

-	if ( ! is_array( $protocols ) )
-		$protocols = wp_allowed_protocols();
-	$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
-	if ( strtolower( $good_protocol_url ) != strtolower( $url ) )
-		return '';
+	if ( '/' === $url[0] ) {
+		$good_protocol_url = $url;
+	} else {
+		if ( ! is_array( $protocols ) )
+			$protocols = wp_allowed_protocols();
+		$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
+		if ( strtolower( $good_protocol_url ) != strtolower( $url ) )
+			return '';
+	}

 	return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
 }