WordPress.org

Make WordPress Core

Ticket #28362: 28362.patch

File 28362.patch, 1.7 KB (added by SergeyBiryukov, 8 years ago)
  • src/wp-includes/pluggable.php

     
    11561156 * @return string redirect-sanitized URL
    11571157 **/
    11581158function wp_sanitize_redirect($location) {
    1159         $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
     1159        $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
    11601160        $location = wp_kses_no_null($location);
    11611161
    11621162        // remove %0d and %0a from location
  • tests/phpunit/tests/formatting/redirect.php

     
    1010                $this->assertEquals('http://example.com/watchthelinefeedgo', wp_sanitize_redirect('http://example.com/watchthelinefeed%0ago'));
    1111                $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0Dgo'));
    1212                $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0dgo'));
     13                $this->assertEquals('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay', wp_sanitize_redirect('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay'));
    1314                //Nesting checks
    1415                $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
    1516                $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));