WordPress.org

Make WordPress Core

Ticket #17052: 17052.diff

File 17052.diff, 1.4 KB (added by voldemortensen, 6 years ago)
  • tests/phpunit/tests/formatting/redirect.php

     
    1414                //Nesting checks
    1515                $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
    1616                $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
     17                $this->assertEquals('http://example.com/whyisthisintheurl/?param[1]=foo', wp_sanitize_redirect('http://example.com/whyisthisintheurl/?param[1]=foo'));
     18                $this->assertEquals('http://[2606:2800:220:6d:26bf:1447:aa7]/', wp_sanitize_redirect('http://[2606:2800:220:6d:26bf:1447:aa7]/'));
    1719        }
    1820}
  • src/wp-includes/pluggable.php

     
    11901190 * @return string redirect-sanitized URL
    11911191 **/
    11921192function wp_sanitize_redirect($location) {
    1193         $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
     1193        $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]]|i', '', $location);
    11941194        $location = wp_kses_no_null($location);
    11951195
    11961196        // remove %0d and %0a from location