Customize: Provide validation feedback for invalid Custom Link URLs in nav menu items.

Props RMarks, EGregor, umangvaghela123, andrew.taylor, celloexpressions, westonruter, voldemortensen.
Fixes #32816.


git-svn-id: https://develop.svn.wordpress.org/trunk@41697 602fd350-edb4-49c9-b593-d223f7449a82
Weston Ruter
2017-10-03 03:43:01 +00:00
parent 57b92c4116
commit 2e5f329cc9
4 changed files with 71 additions and 8 deletions


@@ -472,6 +472,44 @@ class Test_WP_Customize_Nav_Menu_Item_Setting extends WP_UnitTestCase {
$this->assertNull( $setting->sanitize( 'not an array' ) );
$this->assertNull( $setting->sanitize( 123 ) );
$valid_urls = array(
'http://example.com/',
'https://foo.example.com/hello.html',
'mailto:nobody@example.com?subject=hi',
'ftp://example.com/',
'ftps://example.com/',
'news://news.server.example/example.group.this',
'irc://irc.freenode.net/wordpress',
'gopher://example.com',
'nntp://news.server.example/example.group.this',
'feed://example.com/',
'telnet://example.com',
'mms://example.com',
'rtsp://example.com/',
'svn://develop.svn.wordpress.org/trunk',
'tel:000-000-000',
'fax:000-000-000',
'xmpp:user@host?message',
'webcal://example.com',
'urn:org.wordpress',
);
foreach ( $valid_urls as $valid_url ) {
$url_setting = $setting->sanitize( array( 'url' => $valid_url ) );
$this->assertInternalType( 'array', $url_setting );
$this->assertEquals( $valid_url, $url_setting['url'] );
}
$invalid_urls = array(
'javascript:alert(1)',
'unknown://something.out-there',
'smtp://user:pass@mailserver.thing',
);
foreach ( $invalid_urls as $invalid_url ) {
$url_setting = $setting->sanitize( array( 'url' => $invalid_url ) );
$this->assertInstanceOf( 'WP_Error', $url_setting );
$this->assertEquals( 'invalid_url', $url_setting->get_error_code() );
}
$unsanitized = array(
'object_id' => 'bad',
'object' => '<b>hello</b>',
@@ -479,7 +517,7 @@ class Test_WP_Customize_Nav_Menu_Item_Setting extends WP_UnitTestCase {
'position' => -123,
'type' => 'custom<b>',
'title' => '\o/ o\'o Hi<script>unfilteredHtml()</script>',
'url' => 'javascript:alert(1)',
'url' => '', // Note the javascript: protocol is checked above and results in a hard validation error, beyond mere sanitization.
'target' => '" onclick="',
'attr_title' => '\o/ o\'o <b>bolded</b><script>unfilteredHtml()</script>',
'description' => '\o/ o\'o <b>Hello world</b><script>unfilteredHtml()</script>',
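Review bot: The `$invalid_urls` list in the first hunk pins only one script-capable scheme, spelled in lowercase, so a later change to the URL check could start accepting a variant without this test failing. Adding entries such as `'JavaScript:alert(1)',` and `'data:text/html,hello',` (constructed samples) would pin case-insensitive scheme matching and rejection of `data:` URLs; the sanitize() implementation is not visible in this section, so confirm that both are expected to return `invalid_url`. The new loops also use `assertEquals`, where `assertSame` would additionally catch a type change in the returned `url` or error code. The test method starts and ends outside the hunks shown.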