Fix for URL sanitization in `wp_kses_bad_protocol_once()`.

Merges [45997] to the 4.2 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/4.2@46012


git-svn-id: http://core.svn.wordpress.org/branches/4.2@45823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
desrosj 2019-09-04 21:41:35 +00:00
parent 561924df40
commit 43cac2c9d4
1 changed files with 1 additions and 0 deletions

View File

@ -1375,6 +1375,7 @@ function wp_kses_html_error($string) {
* @return string Sanitized content * @return string Sanitized content
*/ */
function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) { function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
$string = preg_replace( '/(&#0*58(?![;0-9])|&#x0*3a(?![;a-f0-9]))/i', '$1;', $string );
$string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 ); $string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );
if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) { if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {
$string = trim( $string2[1] ); $string = trim( $string2[1] );