Make WordPress Core


Ignore:
Timestamp:
03/06/2017 01:40:20 PM (7 years ago)
Author:
aaroncampbell
Message:

Strip control characters before validating redirect.

Merges [40183] to 4.6 branch.

Location:
branches/4.6
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.6

  • branches/4.6/src/wp-includes/pluggable.php

    r38287 r40185  
    12791279 **/
    12801280function wp_validate_redirect($location, $default = '') {
    1281     $location = trim( $location );
     1281    $location = trim( $location, " \t\n\r\0\x08\x0B" );
    12821282    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    12831283    if ( substr($location, 0, 2) == '//' )
Note: See TracChangeset for help on using the changeset viewer.