Changeset 28939

Timestamp:

07/01/2014 03:55:04 PM (11 years ago)

Author:

SergeyBiryukov

Message:

Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect().

fixes #28362.

Location:

trunk

Files:

• src/wp-includes/pluggable.php (modified) (1 diff)
• tests/phpunit/tests/formatting/redirect.php (modified) (1 diff)

trunk/src/wp-includes/pluggable.php

@@ -1161 +1161 @@
  **/
 function wp_sanitize_redirect($location) {
-    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
+    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
     $location = wp_kses_no_null($location);
 

trunk/tests/phpunit/tests/formatting/redirect.php

@@ -11 +11 @@
         $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0Dgo'));
         $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0dgo'));
+        $this->assertEquals('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay', wp_sanitize_redirect('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay'));
         //Nesting checks
         $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));