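--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -909,7 +909,7 @@ if ( !function_exists('wp_sanitize_redirect') ) :
 * @return string redirect-sanitized URL
 **/
 function wp_sanitize_redirect($location) {
-$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
+$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!\[\]]|i', '', $location);
 $location = wp_kses_no_null($location);
 
 // remove %0d and %0a from location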
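Review bot: The widened character class on new line 912 lets `[` and `]` through at any position in the location, not only around an IPv6 host, and the line carries no comment saying why they are allowed. I would add `// Allow [ and ] so IPv6 literal hosts such as http://[::1]/ are not stripped.` directly above the preg_replace call. Any host allow-list check that consumes the sanitized value lies outside this hunk, so it is worth confirming that it handles bracketed hosts, and brackets in the path or query, as intended. The body of wp_sanitize_redirect continues past the end of the hunk.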
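--- a/tests/phpunit/tests/formatting/redirect.php
+++ b/tests/phpunit/tests/formatting/redirect.php
@@ -13,5 +13,11 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
 //Nesting checks
 $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
 $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
+
+//IPv6 literals
+$this->assertEquals('http://[::1]/wp-admin/install.php', wp_sanitize_redirect('http://[::1]/wp-admin/install.php'));
+$this->assertEquals('http://[::1]/wp-admin/install.php', wp_sanitize_redirect('http://[::1]/wp-admin/install.php'));
+$this->assertEquals('http://[2606:2800:220:6d:26bf:1447:1097:aa7]/', wp_sanitize_redirect('http://[2606:2800:220:6d:26bf:1447:1097:aa7]/'));
+
 }
 }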
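Review bot: The assertion on new line 19 is a character-for-character repeat of the one on line 18, so the IPv6 block exercises two distinct inputs rather than three. Because the sanitizer now keeps brackets everywhere in the string, I would replace the duplicate with a case that pins brackets outside the host, for example `$this->assertEquals('http://example.com/?a[]=1', wp_sanitize_redirect('http://example.com/?a[]=1'));` (a constructed sample; the expected value assumes the part of the function not shown here leaves it unchanged). A further case combining a bracketed host with an encoded CR/LF sequence would show that the stripping rule and the new allowance compose correctly. The test method begins above the hunk.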