Ticket #17052: 17052.diff
File 17052.diff, 1.4 KB (added by , 10 years ago) |
---|
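--- a/tests/phpunit/tests/formatting/redirect.php
+++ b/tests/phpunit/tests/formatting/redirect.php
@@ -14,5 +14,7 @@
 //Nesting checks
 $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
 $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
+$this->assertEquals('http://example.com/whyisthisintheurl/?param[1]=foo', wp_sanitize_redirect('http://example.com/whyisthisintheurl/?param[1]=foo'));
+$this->assertEquals('http://[2606:2800:220:6d:26bf:1447:aa7]/', wp_sanitize_redirect('http://[2606:2800:220:6d:26bf:1447:aa7]/'));
 }
 }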
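Review bot: The IPv6 assertion added at new line 18 uses `2606:2800:220:6d:26bf:1447:aa7`, which has only seven groups and no `::`, so it is not a well-formed address and the test proves only that brackets and colons survive the filter. A valid literal would state the intent more clearly, for example `$this->assertEquals('http://[2001:db8::1]/', wp_sanitize_redirect('http://[2001:db8::1]/'));` (a constructed documentation-range address). Neither new assertion checks that the `%0d`/`%0a` stripping exercised just above still holds when the encoded bytes sit inside brackets. One more case with an input such as `'http://example.com/?a[%0d]=b'`, expected to come back without the `%0d`, would pin that. The enclosing test method starts outside the hunk.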
src/wp-includes/pluggable.php
1190 1190 * @return string redirect-sanitized URL 1191 1191 **/ 1192 1192 function wp_sanitize_redirect($location) { 1193 $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!* ]|i', '', $location);1193 $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]]|i', '', $location); 1194 1194 $location = wp_kses_no_null($location); 1195 1195 1196 1196 // remove %0d and %0a from location
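Review bot: The widened character class on the `preg_replace` line at 1193 now lets `[` and `]` through in every part of the URL, not only in an IPv6 host literal or a query string, and nothing in the hunk records why. A comment above the call would help the next reader, e.g. `// [ and ] are kept for IPv6 host literals and array-style query args (param[1]=foo).` This value ends up in a Location header and is presumably also checked against an allowed-host list elsewhere, so it is worth confirming that host parsing still gives the expected result for bracketed input outside the host position. The body of `wp_sanitize_redirect` continues past the end of the hunk, so the later stripping steps are not visible here.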