WordPress.org

Make WordPress Core


Ignore:
Timestamp:
02/02/2016 03:10:09 PM (4 years ago)
Author:
ocean90
Message:

Better validation of the URL used in HTTP redirects.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r36314 r36444  
    13371337        return $default;
    13381338
    1339     // Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
    1340     if ( isset($lp['scheme'])  && !isset($lp['host']) )
     1339    // Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
     1340    if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
    13411341        return $default;
     1342    }
     1343
     1344    // Reject malformed components parse_url() can return on odd inputs.
     1345    foreach ( array( 'user', 'pass', 'host' ) as $component ) {
     1346        if ( isset( $lp[ $component ] ) && strpbrk( $lp[ $component ], ':/?#@' ) ) {
     1347            return $default;
     1348        }
     1349    }
    13421350
    13431351    $wpp = parse_url(home_url());
Note: See TracChangeset for help on using the changeset viewer.