Skip protocol checking in esc_url() when we are dealing with a relative URL. Prevents munging of colons in paths and query strings, when present in a protocol-relative URL.

props SergeyBiryukov.
fixes #21974.



git-svn-id: http://core.svn.wordpress.org/trunk@24642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Andrew Nacin 2013-07-10 13:45:22 +00:00
parent ca64e771da
commit bfb3b89672
1 changed files with 9 additions and 5 deletions


@ -2645,11 +2645,15 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
$url = str_replace( "'", ''', $url );
}
if ( ! is_array( $protocols ) )
$protocols = wp_allowed_protocols();
$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
if ( strtolower( $good_protocol_url ) != strtolower( $url ) )
return '';
if ( '/' === $url[0] ) {
$good_protocol_url = $url;
} else {
if ( ! is_array( $protocols ) )
$protocols = wp_allowed_protocols();
$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
if ( strtolower( $good_protocol_url ) != strtolower( $url ) )
return '';
}
return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
}
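Review bot: The new `'/' === $url[0]` test reads the first byte without checking that `$url` is still non-empty at that point. If the sanitising steps above the hunk (not visible here) can reduce the string to `''`, this emits an uninitialized-string-offset notice, so `isset( $url[0] ) && '/' === $url[0]` or an explicit `if ( '' === $url ) return $url;` just before the branch would be safer. The branch also skips `wp_kses_bad_protocol()` entirely for every leading-slash input, including `//host/...`, so any cleanup that function performs beyond scheme filtering presumably no longer applies to those URLs. It is worth confirming that the earlier steps in `esc_url()` cover this and pinning it with a unit test. A short comment on the branch, e.g. `// Relative or protocol-relative URL: there is no scheme to vet.`, would record why the check is bypassed. `esc_url()` begins outside the hunk.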