Ticket #18818: 18818.2.diff

File 18818.2.diff, 1.5 KB (added by markjaquith, 6 years ago)

refreshed and added a unit test

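--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1214,7 +1214,7 @@ function wp_sanitize_redirect($location) {
                 ){1,50}                              # ...one or more times
                 )/x';
         $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
-        $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
+        $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
         $location = wp_kses_no_null($location);
 
         // remove %0d and %0a from location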
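Review bot: The widened character class on the new `preg_replace` line lets `@` through anywhere in the location, including the authority part, so a userinfo form such as `http://user@example.com/` (constructed sample) now survives sanitisation with the real host after the `@`. Nothing visible in this hunk checks the host, so a caller that inspects the sanitised string by prefix rather than by parsed host could presumably be misled; host allow-listing has to stay with `wp_validate_redirect()` / `wp_safe_redirect()`. I would record that above the changed line, e.g. `// '@' is kept for paths like /@username; this function does not validate the host, use wp_validate_redirect() for that.` The body of wp_sanitize_redirect() starts and ends outside the hunk, so its later steps are not visible here.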
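--- a/tests/phpunit/tests/formatting/redirect.php
+++ b/tests/phpunit/tests/formatting/redirect.php
@@ -18,5 +18,6 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
                 $this->assertEquals('http://example.com/whyisthisintheurl/?param[1]=foo', wp_sanitize_redirect('http://example.com/whyisthisintheurl/?param[1]=foo'));
                 $this->assertEquals('http://[2606:2800:220:6d:26bf:1447:aa7]/', wp_sanitize_redirect('http://[2606:2800:220:6d:26bf:1447:aa7]/'));
                 $this->assertEquals('http://example.com/search.php?search=(amistillhere)', wp_sanitize_redirect('http://example.com/search.php?search=(amistillhere)'));
+                $this->assertEquals('http://example.com/@username', wp_sanitize_redirect('http://example.com/@username'));
         }
 }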
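Review bot: The new assertion exercises `@` only in the path, so the test does not pin what the sanitiser does when `@` appears in the authority, which is where the character changes how a URL is parsed. Add a case such as `$this->assertEquals('http://user@example.com/', wp_sanitize_redirect('http://user@example.com/'));` (constructed sample; the expected value assumes the rest of the function leaves the string untouched) so that behaviour is a recorded decision rather than a side effect. `assertSame` would also be stricter than `assertEquals` for these string comparisons. The test method starts above the hunk, so its name and any setup are not visible here.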