Make WordPress Core

Changeset 33707


Ignore:
Timestamp:
08/22/2015 05:04:17 PM (9 years ago)
Author:
wonderboymusic
Message:

In wp_sanitize_redirect(), don't eat @ characters. According to RFC 3986, "@" is a perfectly valid character in a URL path or query string.

Adds unit test.

Props markjaquith.
Fixes #18818.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r33664 r33707  
    12331233        )/x';
    12341234    $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
    1235     $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
     1235    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    12361236    $location = wp_kses_no_null($location);
    12371237
  • trunk/tests/phpunit/tests/formatting/redirect.php

    r31587 r33707  
    1919        $this->assertEquals('http://[2606:2800:220:6d:26bf:1447:aa7]/', wp_sanitize_redirect('http://[2606:2800:220:6d:26bf:1447:aa7]/'));
    2020        $this->assertEquals('http://example.com/search.php?search=(amistillhere)', wp_sanitize_redirect('http://example.com/search.php?search=(amistillhere)'));
     21        $this->assertEquals('http://example.com/@username', wp_sanitize_redirect('http://example.com/@username'));
    2122    }
    2223}
Note: See TracChangeset for help on using the changeset viewer.