diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php index 0a10d6be7e..212ccc043d 100644 --- a/src/wp-includes/kses.php +++ b/src/wp-includes/kses.php @@ -1383,6 +1383,7 @@ function wp_kses_html_error($string) { * @return string Sanitized content */ function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) { + $string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string ); $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 ); if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) { $string = trim( $string2[1] ); diff --git a/tests/phpunit/tests/kses.php b/tests/phpunit/tests/kses.php index bc62c58c6c..5e40b46d3c 100644 --- a/tests/phpunit/tests/kses.php +++ b/tests/phpunit/tests/kses.php @@ -137,6 +137,8 @@ EOF; 'javascript:alert(1)//?:', 'feed:javascript:alert(1)', 'feed:javascript:feed:javascript:feed:javascript:alert(1)', + 'javascript:alert(1)', + 'javascript:x=1;alert(1)', ); foreach ( $bad as $k => $x ) { $result = wp_kses_bad_protocol( wp_kses_normalize_entities( $x ), wp_allowed_protocols() ); @@ -146,10 +148,23 @@ EOF; case 12: $this->assertEquals( str_replace( '&', '&', $x ), $result ); break; - case 22: $this->assertEquals( 'javascript&#0000058alert(1);', $result ); break; - case 23: $this->assertEquals( 'javascript&#0000058alert(1)//?:', $result ); break; - case 24: $this->assertEquals( 'feed:alert(1)', $result ); break; - default: $this->fail( "wp_kses_bad_protocol failed on $x. Result: $result" ); + case 22: + $this->assertEquals( 'javascript&#0000058alert(1);', $result ); + break; + case 23: + $this->assertEquals( 'javascript&#0000058alert(1)//?:', $result ); + break; + case 24: + $this->assertEquals( 'feed:alert(1)', $result ); + break; + case 26: + $this->assertEquals( 'javascript&#58alert(1)', $result ); + break; + case 27: + $this->assertEquals( 'javascript&#x3ax=1;alert(1)', $result ); + break; + default: + $this->fail( "wp_kses_bad_protocol failed on $k, $x. Result: $result" ); } } }