Changeset 41697

Timestamp:

10/03/2017 03:43:01 AM (7 years ago)

Author:

westonruter

Message:

Customize: Provide validation feedback for invalid Custom Link URLs in nav menu items.

Props RMarks, EGregor, umangvaghela123, andrew.taylor, celloexpressions, westonruter, voldemortensen.
Fixes #32816.

Location:

trunk

Files:

• src/wp-admin/css/customize-nav-menus.css (modified) (1 diff)
• src/wp-admin/js/customize-nav-menus.js (modified) (5 diffs)
• src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php (modified) (2 diffs)
• tests/phpunit/tests/customize/nav-menu-item-setting.php (modified) (2 diffs)

trunk/src/wp-admin/css/customize-nav-menus.css

@@ -560 +560 @@
 #custom-menu-item-name.invalid,
 #custom-menu-item-url.invalid,
+
 .menu-name-field.invalid,
 .menu-name-field.invalid:focus,

trunk/src/wp-admin/js/customize-nav-menus.js

@@ -536 +536 @@
             var menuItem,
                 itemName = $( '#custom-menu-item-name' ),
-                itemUrl = $( '#custom-menu-item-url' );
+                itemUrl = $( '#custom-menu-item-url' ),
+                urlRegex,
+                urlValue;
 
             if ( ! this.currentMenuControl ) {
@@ -542 +544 @@
             }
 
+
+
+
+
+
+
+
+
+
             if ( '' === itemName.val() ) {
                 itemName.addClass( 'invalid' );
                 return;
-            } else if ( '' === itemUrl.val() || 'http://' === itemUrl.val() ) {
+            } else if ( '' === ) ) {
                 itemUrl.addClass( 'invalid' );
                 return;
@@ -552 +563 @@
             menuItem = {
                 'title': itemName.val(),
-                'url': itemUrl.val(),
+                'url': ,
                 'type': 'custom',
                 'type_label': api.Menus.data.l10n.custom_label,
@@ -1388 +1399 @@
         _setupUpdateUI: function() {
             var control = this,
-                settingValue = control.setting();
+                settingValue = control.setting(),
+                updateNotifications;
 
             control.elements = {};
@@ -1471 +1483 @@
                 }
             });
+
+
+
+
+
+
+
         },
 

trunk/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

@@ -642 +642 @@
      *
      * @param array $menu_item_value The value to sanitize.
-     * @return array|false|null Null if an input isn't valid. False if it is marked for deletion.
-     *                          Otherwise the sanitized value.
+     * @return array|false|null if an input isn't valid. False if it is marked for deletion.
+     *                          Otherwise the sanitized value.
      */
     public function sanitize( $menu_item_value ) {
@@ -702 +702 @@
         $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) );
 
-        $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
+        if ( '' !== $menu_item_value['url'] ) {
+            $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
+            if ( '' === $menu_item_value['url'] ) {
+                return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid.
+            }
+        }
         if ( 'publish' !== $menu_item_value['status'] ) {
             $menu_item_value['status'] = 'draft';

trunk/tests/phpunit/tests/customize/nav-menu-item-setting.php

@@ -473 +473 @@
         $this->assertNull( $setting->sanitize( 123 ) );
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
         $unsanitized = array(
             'object_id' => 'bad',
@@ -480 +518 @@
             'type' => 'custom<b>',
             'title' => '\o/ o\'o Hi<script>unfilteredHtml()</script>',
-            'url' => 'javascript:alert(1)',
+            'url' => '
             'target' => '" onclick="',
             'attr_title' => '\o/ o\'o <b>bolded</b><script>unfilteredHtml()</script>',