From dc0d6805be6c1c52515928d13afa0c1fa3058c74 Mon Sep 17 00:00:00 2001
From: nacin
Date: Wed, 21 Mar 2012 14:51:10 +0000
Subject: [PATCH] Sanitize Theme URI and Author URI in WP_Theme with esc_url_raw. Escape with esc_url on display. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-theme.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/wp-includes/class-wp-theme.php b/wp-includes/class-wp-theme.php
index a4ee60906..385d07b1d 100644
--- a/wp-includes/class-wp-theme.php
+++ b/wp-includes/class-wp-theme.php
@@ -579,7 +579,7 @@ final class WP_Theme implements ArrayAccess {
 break;
 case 'ThemeURI' :
 case 'AuthorURI' :
- $value = esc_url( $value );
+ $value = esc_url_raw( $value );
 break;
 case 'Tags' :
 $value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
@@ -627,6 +627,10 @@ final class WP_Theme implements ArrayAccess {
 }
 $value = implode( $comma, $value );
 break;
+ case 'ThemeURI' :
+ case 'AuthorURI' :
+ $value = esc_url( $value );
+ break;
 }
 return $value;
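Review bot: In the first hunk (`@@ -579,7 +579,7 @@`), `esc_url_raw( $value )` is called without a protocol list, so every scheme on WordPress's default allow-list is accepted for a value that presumably comes from the theme's own header data, which may be third-party. If these two fields are only meant to hold web links, consider `$value = esc_url_raw( $value, array( 'http', 'https' ) );`. The sanitized value is also no longer entity-encoded after this change, so a short comment above the case such as `// Sanitized for storage only; escape with esc_url() on output.` would help later readers. The enclosing switch and method start and end outside the hunk.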
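Review bot: In the second hunk (`@@ -627,6 +627,10 @@`), HTML escaping for `ThemeURI` and `AuthorURI` now happens only in this switch, so any caller that obtains these headers without passing through it receives the `esc_url_raw()` form produced in the first hunk. The hunk does not show which accessors bypass this switch; callers that print either header into an `href` should be checked and wrapped in `esc_url()` where needed. A comment on the new cases, e.g. `// Escape for display; the sanitized value is not HTML-safe.`, would document the split between sanitizing and escaping. The method begins outside the hunk.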