Customize: Trim whitespace for URLs supplied for external_header_video to prevent esc_url_raw() from making them invalid.

Props tyxla. See #38172. Merges [39560] to the 4.7 branch. Fixes #39125. Built from https://develop.svn.wordpress.org/branches/4.7@39573 git-svn-id: http://core.svn.wordpress.org/branches/4.7@39513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-11-15 07:05:37 +01:00 · 2016-12-12 02:06:32 +00:00 · 2016-12-12 02:06:32 +00:00 · c3f619e2d0
commit c3f619e2d0
parent 900cd6c47d
1 changed files with 13 additions and 1 deletions
--- a/wp-includes/class-wp-customize-manager.php
+++ b/wp-includes/class-wp-customize-manager.php
@ -3896,7 +3896,7 @@ final class WP_Customize_Manager {
 		$this->add_setting( 'external_header_video', array(
 			'theme_supports'    => array( 'custom-header', 'video' ),
 			'transport'         => 'postMessage',
-			'sanitize_callback' => 'esc_url_raw',
+			'sanitize_callback' => array( $this, '_sanitize_external_header_video' ),
 			'validate_callback' => array( $this, '_validate_external_header_video' ),
 		) );

@ -4318,6 +4318,18 @@ final class WP_Customize_Manager {
 		return $validity;
 	}

+	/**
+	 * Callback for sanitizing the external_header_video value.
+	 *
+	 * @since 4.7.1
+	 *
+	 * @param string $value URL.
+	 * @return string Sanitized URL.
+	 */
+	public function _sanitize_external_header_video( $value ) {
+		return esc_url_raw( trim( $value ) );
+	}
+
 	/**
 	 * Callback for rendering the custom logo, used in the custom_logo partial.
 	 *