Make WordPress Core


Ignore:
Timestamp:
03/06/2017 01:37:43 PM (8 years ago)
Author:
aaroncampbell
Message:

Strip control characters before validating redirect.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/formatting/redirect.php

    r36444 r40183  
    6060            array( 'http://user:@example.com/', 'http://user:@example.com/' ),
    6161            array( 'http://user:pass@example.com/', 'http://user:pass@example.com/' ),
     62            array( " \t\n\r\0\x08\x0Bhttp://example.com", 'http://example.com' ),
     63            array( " \t\n\r\0\x08\x0B//example.com", 'http://example.com' ),
    6264        );
    6365    }
     
    7173            // non-safelisted domain
    7274            array( 'http://non-safelisted.example/' ),
     75
     76            // non-safelisted domain (leading whitespace)
     77            array( " \t\n\r\0\x08\x0Bhttp://non-safelisted.example.com" ),
     78            array( " \t\n\r\0\x08\x0B//non-safelisted.example.com" ),
    7379
    7480            // unsupported schemes
Note: See TracChangeset for help on using the changeset viewer.