WordPress.org

Make WordPress Core

Ticket #17052: pluggable.17052.patch

File pluggable.17052.patch, 499 bytes (added by bluntelk, 4 years ago)

adds square braces to the regular expression for allowed characters in a safe URL

  • pluggable.php

     
    907907 * @return string redirect-sanitized URL 
    908908 **/ 
    909909function wp_sanitize_redirect($location) { 
    910         $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location); 
     910        $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!\[\]]|i', '', $location); 
    911911        $location = wp_kses_no_null($location); 
    912912 
    913913        // remove %0d and %0a from location