From 1a067a5e4caa78e360858de1665830f9736d140d Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Wed, 18 Mar 2015 20:42:38 +0000
Subject: [PATCH] Press This: prepend the site domain to root-relative URLs. Reject other relative URLs. Part props stephdau, kraftbj. Fixes #31645.
git-svn-id: https://develop.svn.wordpress.org/trunk@31818 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/class-wp-press-this.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/src/wp-admin/includes/class-wp-press-this.php b/src/wp-admin/includes/class-wp-press-this.php
index c943a6297b..369c9006ad 100644
--- a/src/wp-admin/includes/class-wp-press-this.php
+++ b/src/wp-admin/includes/class-wp-press-this.php
@@ -18,6 +18,8 @@ class WP_Press_This {
 private $embeds = array();
+ private $domain = '';
+
 /**
 * Constructor.
 *
@@ -328,6 +330,16 @@ class WP_Press_This {
 return '';
 }
+ // If the URL is root-relative, prepend the protocol and domain name
+ if ( $url && $this->domain && preg_match( '%^/[^/]+%', $url ) ) {
+ $url = $this->domain . $url;
+ }
+
+ // Not absolute or protocol-relative URL.
+ if ( ! preg_match( '%^(?:https?:)?//[^/]+%', $url ) ) {
+ return '';
+ }
+
 return esc_url_raw( $url, array( 'http', 'https' ) );
 }
@@ -573,6 +585,10 @@ class WP_Press_This {
 if ( 'u' === $key ) {
 $value = $this->_limit_url( $value );
+
+ if ( preg_match( '%^(?:https?:)?//[^/]+%i', $value, $domain_match ) ) {
+ $this->domain = $domain_match[0];
+ }
 } else {
 $value = $this->_limit_string( $value );
 }
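Review bot: The new `$domain` property in the first hunk is declared without a comment, and its value is not a site constant but text captured from the `u` request parameter in the third hunk. A one-line comment above the declaration would make that origin visible to anyone who later reuses the field, for example `// Scheme and host captured from the 'u' request parameter; prepended to root-relative URLs in _limit_url().` The rest of the class body lies outside the hunk.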
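Review bot: The absolute-URL guard `'%^(?:https?:)?//[^/]+%'` in the second hunk is case-sensitive, while the otherwise identical pattern added in the third hunk carries the `i` flag. Because the `u` value passes through this function before that capture runs, a URL written with an upper-case scheme is already returned as `''` here, so the `i` there never takes effect. Either add the flag here, `if ( ! preg_match( '%^(?:https?:)?//[^/]+%i', $url ) ) {`, or drop it in the third hunk so the two checks agree. The root-relative branch also depends on `$this->domain` having been filled by an earlier call. When it is still empty the URL is rejected by the guard, which fails closed but is worth a comment such as `// $this->domain is empty until 'u' has been processed; root-relative URLs are rejected until then.` The start of this function is outside the hunk, so what precedes the first `return '';` cannot be checked from here.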
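Review bot: `[^/]+` in the capture added by the third hunk stops only at a slash, so when `u` has no path the match can run past the host into a query string or fragment, and it also keeps any `user:pass@` prefix. The whole match is stored in `$this->domain` and later prepended to root-relative URLs, which can put the path inside the query (constructed example: `http://example.com?x=1` plus `/a.png`). Narrowing the class keeps the capture to the authority part: `if ( preg_match( '%^(?:https?:)?//[^/?#]+%i', $value, $domain_match ) ) {`. The enclosing loop and method start outside the hunk.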