WordPress.org

Make WordPress Core

Changeset 30684


Ignore:
Timestamp:
12/01/2014 03:20:13 AM (6 years ago)
Author:
johnbillion
Message:

Allow brackets in a URL when it's sanitised for a redirect. Brackets are valid in query parameters.

Fixes #30308
Props voldemortensen

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r30683 r30684  
    11911191 **/
    11921192function wp_sanitize_redirect($location) {
    1193     $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]]|i', '', $location);
     1193    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    11941194    $location = wp_kses_no_null($location);
    11951195
  • trunk/tests/phpunit/tests/formatting/redirect.php

    r30683 r30684  
    1717        $this->assertEquals('http://example.com/whyisthisintheurl/?param[1]=foo', wp_sanitize_redirect('http://example.com/whyisthisintheurl/?param[1]=foo'));
    1818        $this->assertEquals('http://[2606:2800:220:6d:26bf:1447:aa7]/', wp_sanitize_redirect('http://[2606:2800:220:6d:26bf:1447:aa7]/'));
     19        $this->assertEquals('http://example.com/search.php?search=(amistillhere)', wp_sanitize_redirect('http://example.com/search.php?search=(amistillhere)'));
    1920    }
    2021}
Note: See TracChangeset for help on using the changeset viewer.