Ticket #28362: 28362.patch
File 28362.patch, 1.7 KB (added by , 11 years ago) |
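--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1156,7 +1156,7 @@
  * @return string redirect-sanitized URL
  **/
 function wp_sanitize_redirect($location) {
-	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%! ]|i', '', $location);
+	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
 	$location = wp_kses_no_null($location);
 
 	// remove %0d and %0a from location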
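Review bot: The hyphen between `9` and `~` in the new class `[^a-z0-9-~+_.?#=&;,/:%!*]` reads as a possible `9-~` range; PCRE treats a hyphen directly after a range as a literal, so the pattern works as intended, but placing it last, `'|[^a-z0-9~+_.?#=&;,/:%!*\-]|i'`, would make the allowlist unambiguous to the next reader. Since the function strips rather than rejects, a short comment on the line would help, e.g. `// Keep only characters from this URL allowlist; anything else is silently removed, not rejected`. The removed line as rendered here ends the class with `%! ]`, i.e. an apparent space before `]`, which may be a display artifact of this page; worth confirming against the committed patch. wp_sanitize_redirect's body continues past the hunk.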
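--- a/tests/phpunit/tests/formatting/redirect.php
+++ b/tests/phpunit/tests/formatting/redirect.php
@@ -10,6 +10,7 @@
 		$this->assertEquals('http://example.com/watchthelinefeedgo', wp_sanitize_redirect('http://example.com/watchthelinefeed%0ago'));
 		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0Dgo'));
 		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0dgo'));
+		$this->assertEquals('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay', wp_sanitize_redirect('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay'));
 		//Nesting checks
 		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
 		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));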
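Review bot: The added assertion on new line 13 pins only the positive side of the allowlist; a companion check that a character outside the class is dropped, for example `$this->assertEquals('http://example.com/watchtheallowedcharactersstay', wp_sanitize_redirect('http://example.com/watchtheallowedcharacters<>"stay'));`, would catch a later change that widens the class by accident. For string results `assertSame` is the stricter comparison, though `assertEquals` matches the surrounding assertions. The enclosing test method starts outside the hunk.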