Changeset 30683


Timestamp:
12/01/2014 03:15:24 AM (6 years ago)
Author:
johnbillion
Message:

Allow square brackets in a URL when it's sanitised for a redirect. Square brackets are valid in query parameters and IPv6 addresses.

Fixes #17052
Props voldemortensen

Location:
trunk
Files:
2 edited

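--- a/trunk/src/wp-includes/pluggable.php
+++ b/trunk/src/wp-includes/pluggable.php
@@ -1191,5 +1191,5 @@
  **/
 function wp_sanitize_redirect($location) {
-    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
+    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]]|i', '', $location);
     $location = wp_kses_no_null($location);
 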
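Review bot: The widened character class on the new `preg_replace` line keeps `[` and `]` at every position in the string, not only inside an IPv6 host or a query parameter as the commit message describes, so this function is still a character filter and gives no guarantee about where the redirect points. That is worth stating next to the pattern, for example `// Character allow-list only: brackets are kept anywhere in the URL; host checks belong to wp_validate_redirect().` Callers that pass request-supplied URLs should keep going through `wp_safe_redirect()` so that a bracketed host is still compared against the allowed hosts. The body of wp_sanitize_redirect continues past the end of this hunk, so later steps may narrow the result further.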
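--- a/trunk/tests/phpunit/tests/formatting/redirect.php
+++ b/trunk/tests/phpunit/tests/formatting/redirect.php
@@ -15,4 +15,6 @@
         $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
         $this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
+        $this->assertEquals('http://example.com/whyisthisintheurl/?param[1]=foo', wp_sanitize_redirect('http://example.com/whyisthisintheurl/?param[1]=foo'));
+        $this->assertEquals('http://[2606:2800:220:6d:26bf:1447:aa7]/', wp_sanitize_redirect('http://[2606:2800:220:6d:26bf:1447:aa7]/'));
     }
 }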
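Review bot: The IPv6 literal in the second added assertion has seven groups and no `::`, so it is not a well-formed address, and the test passes only because the sanitiser never parses the host. A documentation-range address would make the intent clearer: `$this->assertEquals('http://[2001:db8::1]/', wp_sanitize_redirect('http://[2001:db8::1]/'));`. Both new assertions are also pure pass-through cases. A case where brackets sit next to a character that is still stripped would pin the boundary of the allow-list as well.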