Sanitize Theme URI and Author URI in WP_Theme with esc_url_raw. Escape with esc_url on display. see #20103.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-21 14:51:10 +00:00 · 2012-03-21 14:51:10 +00:00 · dc0d6805be
parent 61d7f6a476
commit dc0d6805be
1 changed files with 5 additions and 1 deletions
--- a/wp-includes/class-wp-theme.php
+++ b/wp-includes/class-wp-theme.php
@ -579,7 +579,7 @@ final class WP_Theme implements ArrayAccess {
 				break;
 			case 'ThemeURI' :
 			case 'AuthorURI' :
-				$value = esc_url( $value );
+				$value = esc_url_raw( $value );
 				break;
 			case 'Tags' :
 				$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
@ -627,6 +627,10 @@ final class WP_Theme implements ArrayAccess {
 				}
 				$value = implode( $comma, $value );
 				break;
+			case 'ThemeURI' :
+			case 'AuthorURI' :
+				$value = esc_url( $value );
+				break;
 		}

 		return $value;