Changeset 41697
- Timestamp:
- 10/03/2017 03:43:01 AM (7 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
trunk/src/wp-admin/css/customize-nav-menus.css
r41670 r41697 560 560 #custom-menu-item-name.invalid, 561 561 #custom-menu-item-url.invalid, 562 562 563 .menu-name-field.invalid, 563 564 .menu-name-field.invalid:focus, -
trunk/src/wp-admin/js/customize-nav-menus.js
r41020 r41697 536 536 var menuItem, 537 537 itemName = $( '#custom-menu-item-name' ), 538 itemUrl = $( '#custom-menu-item-url' ); 538 itemUrl = $( '#custom-menu-item-url' ), 539 urlRegex, 540 urlValue; 539 541 540 542 if ( ! this.currentMenuControl ) { … … 542 544 } 543 545 546 547 548 549 550 551 552 553 554 544 555 if ( '' === itemName.val() ) { 545 556 itemName.addClass( 'invalid' ); 546 557 return; 547 } else if ( '' === itemUrl.val() || 'http://' === itemUrl.val() ) {558 } else if ( '' === ) ) { 548 559 itemUrl.addClass( 'invalid' ); 549 560 return; … … 552 563 menuItem = { 553 564 'title': itemName.val(), 554 'url': itemUrl.val(),565 'url': , 555 566 'type': 'custom', 556 567 'type_label': api.Menus.data.l10n.custom_label, … … 1388 1399 _setupUpdateUI: function() { 1389 1400 var control = this, 1390 settingValue = control.setting(); 1401 settingValue = control.setting(), 1402 updateNotifications; 1391 1403 1392 1404 control.elements = {}; … … 1471 1483 } 1472 1484 }); 1485 1486 1487 1488 1489 1490 1491 1473 1492 }, 1474 1493 -
trunk/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php
r41162 r41697 642 642 * 643 643 * @param array $menu_item_value The value to sanitize. 644 * @return array|false|null Nullif an input isn't valid. False if it is marked for deletion.645 * Otherwise the sanitized value.644 * @return array|false|null if an input isn't valid. False if it is marked for deletion. 645 * Otherwise the sanitized value. 646 646 */ 647 647 public function sanitize( $menu_item_value ) { … … 702 702 $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) ); 703 703 704 $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); 704 if ( '' !== $menu_item_value['url'] ) { 705 $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); 706 if ( '' === $menu_item_value['url'] ) { 707 return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid. 708 } 709 } 705 710 if ( 'publish' !== $menu_item_value['status'] ) { 706 711 $menu_item_value['status'] = 'draft'; -
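Review bot: `sanitize()` gains a new return type, `WP_Error`, from the added `'' === $menu_item_value['url']` branch, but the `@return` line as rendered here still reads `array|false|null`. Unless the tag was lost in rendering, it should read `@return array|false|null|WP_Error Null or WP_Error if an input isn't valid. False if it is marked for deletion.` A caller that tests the result only against `null` and `false` would treat the error object as a sanitized value, so consumers of this method, which are outside these hunks, should be checked for an `is_wp_error()` guard. The method body starts and ends outside the hunks shown. The inline comment could also say that an empty URL is deliberately passed through, and that only a non-empty URL which `esc_url_raw()` reduces to an empty string fails sanitization.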
trunk/tests/phpunit/tests/customize/nav-menu-item-setting.php
r39393 r41697 473 473 $this->assertNull( $setting->sanitize( 123 ) ); 474 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 475 513 $unsanitized = array( 476 514 'object_id' => 'bad', … … 480 518 'type' => 'custom<b>', 481 519 'title' => '\o/ o\'o Hi<script>unfilteredHtml()</script>', 482 'url' => ' javascript:alert(1)',520 'url' => ' 483 521 'target' => '" onclick="', 484 522 'attr_title' => '\o/ o\'o <b>bolded</b><script>unfilteredHtml()</script>',