WordPress.org

Make WordPress Core

Changeset 28939


Ignore:
Timestamp:
07/01/2014 03:55:04 PM (7 years ago)
Author:
SergeyBiryukov
Message:

Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect().

fixes #28362.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r28903 r28939  
    11611161 **/
    11621162function wp_sanitize_redirect($location) {
    1163     $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
     1163    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
    11641164    $location = wp_kses_no_null($location);
    11651165
  • trunk/tests/phpunit/tests/formatting/redirect.php

    r25002 r28939  
    1111        $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0Dgo'));
    1212        $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0dgo'));
     13        $this->assertEquals('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay', wp_sanitize_redirect('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay'));
    1314        //Nesting checks
    1415        $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
Note: See TracChangeset for help on using the changeset viewer.