sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Customize: Trim whitespace for URLs supplied for external_header_video to prevent esc_url_raw() from making them invalid.

Browse Source 
Props tyxla.
See #38172.
Fixes #39125.


git-svn-id: https://develop.svn.wordpress.org/trunk@39560 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Weston Ruter 2016-12-10 06:59:24 +00:00
parent 0369dea1e4
commit e27098f5bd
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/wp-includes/class-wp-customize-manager.php
View File

@ -3896,7 +3896,7 @@ final class WP_Customize_Manager {
$this->add_setting( 'external_header_video', array( $this->add_setting( 'external_header_video', array(
'theme_supports' => array( 'custom-header', 'video' ), 'theme_supports' => array( 'custom-header', 'video' ),
'transport' => 'postMessage', 'transport' => 'postMessage',
'sanitize_callback' => 'esc_url_raw', 'sanitize_callback' => array( $this, '_sanitize_external_header_video' ),
'validate_callback' => array( $this, '_validate_external_header_video' ), 'validate_callback' => array( $this, '_validate_external_header_video' ),
) ); ) );
@ -4318,6 +4318,18 @@ final class WP_Customize_Manager {
return $validity; return $validity;
} }
/**
* Callback for sanitizing the external_header_video value.
*
* @since 4.7.1
*
* @param string $value URL.
* @return string Sanitized URL.
*/
public function _sanitize_external_header_video( $value ) {
return esc_url_raw( trim( $value ) );
}
/** /**
* Callback for rendering the custom logo, used in the custom_logo partial. * Callback for rendering the custom logo, used in the custom_logo partial.
* *

25
tests/phpunit/tests/customize/manager.php
View File

@ -2580,6 +2580,31 @@ class Tests_WP_Customize_Manager extends WP_UnitTestCase {
$result = $this->manager->panels(); $result = $this->manager->panels();
$this->assertEquals( $panels_sorted, array_keys( $result ) ); $this->assertEquals( $panels_sorted, array_keys( $result ) );
} }
/**
* Verify sanitization of external header video URL will trim the whitespaces in the beginning and end of the URL.
*
* @ticket 39125
*/
function test_sanitize_external_header_video_trim() {
$this->manager->register_controls();
$setting = $this->manager->get_setting( 'external_header_video' );
$video_url = 'https://www.youtube.com/watch?v=KiS8rZBeIO0';
$whitespaces = array(
' ', // space
"\t", // horizontal tab
"\n", // line feed
"\r", // carriage return,
"\f", // form feed,
"\v", // vertical tab
);
foreach ( $whitespaces as $whitespace ) {
$sanitized = $setting->sanitize( $whitespace . $video_url . $whitespace );
$this->assertEquals( $video_url, $sanitized );
}
}
} }
require_once ABSPATH . WPINC . '/class-wp-customize-setting.php'; require_once ABSPATH . WPINC . '/class-wp-customize-setting.php';