
@paulschreiber
Contributor

@paulschreiber paulschreiber commented Mar 12, 2021

Description

URLs without a scheme now get HTTPS as the default, not HTTP.

Motivation and Context

Avoids information disclosure / malicious redirection.
Fixes #1412.

Risk Level

minimal risk

Testing procedure

Tested by passing in URLs with no scheme, http: and https:

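The behaviour this PR describes, as an added example that is not CMB2's own code: a scheme-less URL gets https:// instead of the old http:// default, while values with an explicit http: or https: scheme pass through untouched. The function name is assumed, and the no-colon test is modelled on the check WordPress's esc_url() performs before it prepends http://; the real sanitization step (esc_url_raw()) would still run on the result.

```php
<?php
/**
 * Give a scheme-less URL a default scheme before sanitization.
 * (Added example; assumed helper name, not a CMB2 function.)
 *
 * Values that already carry a scheme (http:, https:, mailto:, ...) are
 * returned as-is: the fix changes the default, it does not rewrite
 * explicit schemes. Relative paths, fragments and query strings are
 * not absolute URLs and are left alone as well.
 */
function cmb2_example_default_scheme( string $url, string $default = 'https' ): string {
    $url = trim( $url );
    if ( '' === $url ) {
        return '';
    }
    // Same rule WordPress applies before prepending http://: any colon
    // means a scheme is present; a leading /, # or ? is not a host.
    if ( false !== strpos( $url, ':' ) || in_array( $url[0], array( '/', '#', '?' ), true ) ) {
        return $url;
    }
    return $default . '://' . $url;
}

// Constructed inputs matching the PR's test procedure: no scheme,
// explicit http:, explicit https:, plus a relative path for contrast.
$inputs = array( 'example.com/page', 'http://example.com', 'https://example.com', '/wp-admin/' );

foreach ( $inputs as $input ) {
    printf(
        "%-22s old default: %-26s new default: %s\n",
        $input,
        cmb2_example_default_scheme( $input, 'http' ), // behaviour before this PR
        cmb2_example_default_scheme( $input )          // behaviour after: https
    );
}
```

Only the first input changes between the two columns; a value entered as http://example.com stays http://, so the fix removes a silent downgrade without forcing an upgrade the user did not type.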

Member

@jtsternberg jtsternberg left a comment


Looks good, thank you!

@jtsternberg jtsternberg merged commit 3a73fc6 into CMB2:develop Mar 12, 2021
jtsternberg added a commit that referenced this pull request Mar 12, 2021
lipemat added a commit to lipemat/CMB2 that referenced this pull request Mar 30, 2021
* upstream/develop:
  Clean up and add props for CMB2#1413
  Sanitize URLs with HTTPS
  Add develop suffix to init class
  Add am-cli-tools
  Update changelog and version numbers and readmes, and prepare release
  Set default priority to 10 for options pages. Fixes CMB2#1410
  build field-cache key manually to remove unnecessary |'s
  Better generated array key for cached fields, fixes issue where wrong field is found. Fixes CMB2#1405
  Add to list of valid image types from get_allowed_mime_types(). Fixes CMB2#1223
  Move tab markup output to separate method, options_page_tab_nav_output. Fixes CMB2#1407
  Add cmb2_tab_group_tabs filter for adding arbitrary menu page urls to the cmb2 tabs. See CMB2#1407
  Update since tag, and add props for CMB2#1340
  Limit use of italic, including removing from field descriptions. Fixes CMB2#1404
  Add props for CMB2#1400
  move $args in deprecated_param method for 7.4
  Add develop suffix to init class
  Prepare release and changelog for 2.8.0
  Fix tests since WP_Error signature changed
  move $args in deprecated_param method for 7.4
  Use the already-existing get_priority method. Re CMB2#1380 and CMB2#1398
  Use existing "priority" field param. Fixes CMB2#1380. Closes CMB2#1398
  Add admin_menu_hook_priority box property for options boxes. Fixes CMB2#1380. Closes CMB2#1398
  Make field_can first param required to address php 8 "Required parameter follows optional parameter". Fixes CMB2#1396
  Update includes/types/CMB2_Type_Colorpicker.php
  Update includes/types/CMB2_Type_Colorpicker.php
  Update includes/CMB2_Utils.php
  Prevent array to string conversion
  Update includes/types/CMB2_Type_Colorpicker.php
  Update includes/types/CMB2_Type_Colorpicker.php
  Update includes/types/CMB2_Type_Colorpicker.php
  Update includes/types/CMB2_Type_Colorpicker.php
  Update includes/types/CMB2_Type_Colorpicker.php
  Update includes/types/CMB2_Type_Colorpicker.php
  Added sanitize_color() function and remove PHP warnings suppressions
  Fixes PHP warnings on repeatable ColorPicker with an array as default

Development

Successfully merging this pull request may close these issues.

URLs are sanitized with http, not https

2 participants