Ticket #17052: 17052-02.patch

File 17052-02.patch, 1.6 KB (added by gcorne, 7 years ago)
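--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -909,7 +909,7 @@ if ( !function_exists('wp_sanitize_redirect') ) :
  * @return string redirect-sanitized URL
  **/
 function wp_sanitize_redirect($location) {
-        $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
+        $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!\[\]]|i', '', $location);
         $location = wp_kses_no_null($location);
 
         // remove %0d and %0a from location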
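Review bot: The widened character class in `wp_sanitize_redirect()` now keeps `[` and `]` at any position in `$location`, not only around an IPv6 literal in the host, and nothing in the visible lines checks that they are balanced or confined to the authority. This function only strips characters, so any caller that decides whether a redirect target is allowed should be confirmed to parse bracketed hosts such as `http://[::1]/` the same way a browser does; that code is outside this hunk. I would also record the intent above the changed line, for example `// '[' and ']' are kept so IPv6 literal hosts (RFC 3986, section 3.2.2) survive sanitizing.` The function body continues past the last line shown.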
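--- a/tests/phpunit/tests/formatting/redirect.php
+++ b/tests/phpunit/tests/formatting/redirect.php
@@ -13,5 +13,11 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
                 //Nesting checks
                 $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
                 $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
+
+                //IPv6 literals
+                $this->assertEquals('http://[::1]/wp-admin/install.php', wp_sanitize_redirect('http://[::1]/wp-admin/install.php'));
+                $this->assertEquals('http://[::1]/wp-admin/install.php', wp_sanitize_redirect('http://[::1]/wp-admin/install.php'));
+                $this->assertEquals('http://[2606:2800:220:6d:26bf:1447:1097:aa7]/', wp_sanitize_redirect('http://[2606:2800:220:6d:26bf:1447:1097:aa7]/'));
+
         }
 }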
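Review bot: The two `http://[::1]/wp-admin/install.php` assertions (new lines 18 and 19) are identical, so the second adds no coverage. Because the pattern change lets brackets through anywhere in the URL, the duplicate would be better replaced by a case that pins the behaviour outside the host, e.g. `$this->assertEquals('http://example.com/?a[]=1', wp_sanitize_redirect('http://example.com/?a[]=1'));`. A literal followed by a port, such as `http://[::1]:8080/`, is also worth covering. The test method starts above the hunk.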