Ticket #18818: 18818.2.diff
File 18818.2.diff, 1.5 KB (added by , 6 years ago) |
---|
-
src/wp-includes/pluggable.php
function wp_sanitize_redirect($location) { 1214 1214 ){1,50} # ...one or more times 1215 1215 )/x'; 1216 1216 $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location ); 1217 $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]() ]|i', '', $location);1217 $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location); 1218 1218 $location = wp_kses_no_null($location); 1219 1219 1220 1220 // remove %0d and %0a from location -
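Review bot: Allowing `@` in the character class on line 1217 keeps the userinfo delimiter in the authority part of a URL as well, not only in a path such as `/@username`, which is the one case the added test covers. After this change a value shaped like `http://user@host/` passes through with its `@` intact, so any caller that decides whether a redirect target is allowed has to compare the parsed host rather than the leading characters of the string. I would add a comment above the pattern, for example `// '@' is kept for paths like /@username; host checks belong in wp_validate_redirect(), not here.`, and a test that pins the intended result for an `@` in the authority. This assumes the second of the two 1217 lines is the new side, as the added test implies. The body of wp_sanitize_redirect() starts and ends outside the hunk.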
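--- a/tests/phpunit/tests/formatting/redirect.php
+++ b/tests/phpunit/tests/formatting/redirect.php
@@ -18,5 +18,6 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
 $this->assertEquals('http://example.com/whyisthisintheurl/?param[1]=foo', wp_sanitize_redirect('http://example.com/whyisthisintheurl/?param[1]=foo'));
 $this->assertEquals('http://[2606:2800:220:6d:26bf:1447:aa7]/', wp_sanitize_redirect('http://[2606:2800:220:6d:26bf:1447:aa7]/'));
 $this->assertEquals('http://example.com/search.php?search=(amistillhere)', wp_sanitize_redirect('http://example.com/search.php?search=(amistillhere)'));
+$this->assertEquals('http://example.com/@username', wp_sanitize_redirect('http://example.com/@username'));
 }
 }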