[wp-trac] [WordPress Trac] #31645: Press This: Reject relative URLs when scraping source html
WordPress Trac
noreply at wordpress.org
Sun Mar 15 05:26:21 UTC 2015
#31645: Press This: Reject relative URLs when scraping source html
--------------------------+------------------------------
Reporter: kraftbj | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Press This | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+------------------------------
Changes (by kraftbj):
* keywords: => has-patch
Comment:
`esc_url_raw` will purposely allow relative URLs despite having the
allowed protocols defined.
31645.patch borrows the check on
https://core.trac.wordpress.org/browser/trunk/src/wp-
includes/formatting.php?rev=31771#L3078 in `esc_url` that is exempting
relative URLs from the protocol check and adds it to `_limit_url` as a
trigger to return null.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31645#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list