From ca64e771dae5ab65d92d66efd01b445ba3484f62 Mon Sep 17 00:00:00 2001
From: Andrew Nacin <wp@andrewnacin.com>
Date: Wed, 10 Jul 2013 13:35:30 +0000
Subject: [PATCH] In wp_http_validate_url(), only validate the protocol in lieu
 of esc_url_raw(). Ensure there is a host component to the URL. fixes #24663.

git-svn-id: http://core.svn.wordpress.org/trunk@24641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/http.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-includes/http.php b/wp-includes/http.php
index 2eb613c46b..c51794495e 100644
--- a/wp-includes/http.php
+++ b/wp-includes/http.php
@@ -339,12 +339,12 @@ function send_origin_headers() {
  * @return mixed URL or false on failure.
  */
 function wp_http_validate_url( $url ) {
-	$url = esc_url_raw( $url, array( 'http', 'https' ) );
+	$url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) );
 	if ( ! $url )
 		return false;
 
 	$parsed_url = @parse_url( $url );
-	if ( ! $parsed_url )
+	if ( ! $parsed_url || empty( $parsed_url['host'] ) )
 		return false;
 
 	if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) )