[wp-trac] [WordPress Trac] #34407: esc_url() cannot handle a relative URL containing a : character (IPv6)
WordPress Trac
noreply at wordpress.org
Fri Oct 23 05:07:05 UTC 2015
#34407: esc_url() cannot handle a relative URL containing a : character (IPv6)
--------------------------+-----------------------------
Reporter: dd32 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Split off from #34202 / #34054
When using a relative URL with `esc_url()` nothing will be returned if the
string contains a `:` character, for example, one which occurs within an
IPv6 address.
This will output nothing:
{{{#!php
<?php
echo esc_url( 'edit-
comments.php?s=2001:0db8:0000:0000:0000:ff00:0042:8329' );
}}}
The cause boils down to `wp_kses_bad_protocol()` which through
`wp_kses_bad_protocol_once()` assumes anything before `:` in a URL is a
protocol.
Relative URL's such as `/edit-comments.php?s=2001:0db8..` succeed as
`esc_url()` identifies them as relative, and never calls
`wp_kses_bad_protocol()`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34407>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list