
Ticket #30308: 30308.diff

File 30308.diff, 1.3 KB (added by voldemortensen, 6 years ago)
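--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1190,7 +1190,7 @@
  * @return string redirect-sanitized URL
  **/
 function wp_sanitize_redirect($location) {
-        $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
+        $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*()]|i', '', $location);
         $location = wp_kses_no_null($location);
 
         // remove %0d and %0a from location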
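Review bot: The allow-list pattern in `wp_sanitize_redirect()` now keeps `(` and `)`, but nothing beside it records why that is acceptable or what the output is safe for. Both characters are RFC 3986 sub-delimiters, so keeping them in a redirect target is reasonable. The function only filters characters for use as a redirect location, though, so any caller that prints the result into HTML or script still needs context-specific escaping; the callers are not visible here and should be checked. I would add a comment above the pattern such as `// Allow-list of URL characters; ( and ) are kept as RFC 3986 sub-delims. Result is not HTML- or JS-escaped.` The function body continues past the end of the hunk.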
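--- a/tests/phpunit/tests/formatting/redirect.php
+++ b/tests/phpunit/tests/formatting/redirect.php
@@ -14,5 +14,6 @@
                 //Nesting checks
                 $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
                 $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
+                $this->assertEquals('http://example.com/search.php?search=(amistillhere)', wp_sanitize_redirect('http://example.com/search.php?search=(amistillhere)'));
         }
 }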
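Review bot: The added assertion covers parentheses only inside a query-string value, so a regression that strips them from the path, or that breaks the `%0d`/`%0a` removal when a parenthesis sits next to it, would go unnoticed. I would add a case that combines both, for example `$this->assertEquals('http://example.com/a(b)c', wp_sanitize_redirect('http://example.com/a(b)%0dc'));`, assuming the line-break stripping behaves as in the existing nesting cases. `assertSame` would also be the stricter choice for these string comparisons. The test method starts above the hunk.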