
Changeset 46462


Timestamp:
10/11/2019 11:52:11 PM (5 years ago)
Author:
SergeyBiryukov
Message:

Formatting: Make sure wp_sanitize_redirect() encodes spaces in URLs instead of stripping them out.

Props donmhico, hlashbrooke, dd32, azaozz.
Fixes #36998.

Location:
trunk
Files:
2 edited

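--- a/trunk/src/wp-includes/pluggable.php
+++ b/trunk/src/wp-includes/pluggable.php
@@ -1281,4 +1281,7 @@
  */
 function wp_sanitize_redirect( $location ) {
+    // Encode spaces.
+    $location = str_replace( ' ', '%20', $location );
+
     $regex    = '/
     (
@@ -1297,5 +1300,5 @@
     $location = wp_kses_no_null( $location );
 
-    // remove %0d and %0a from location
+    // Remove %0D and %0A from location.
     $strip = array( '%0d', '%0a', '%0D', '%0A' );
     return _deep_replace( $strip, $location );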
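Review bot: The new `str_replace()` at the top of `wp_sanitize_redirect()` runs on the raw string, so leading and trailing spaces are now turned into `%20` too, where (per the commit message) spaces used to be stripped; a location that starts with a space would then begin with `%20` and presumably no longer be read as an absolute URL by callers that validate the result. If that is not intended, trim before encoding, e.g. `$location = str_replace( ' ', '%20', trim( $location, ' ' ) );`, otherwise state the behaviour in the function's docblock. Only the ASCII space is encoded here; how tabs and other whitespace are treated depends on the regex that follows, which is not visible in these hunks. The docblock and the regex body both lie outside the shown lines.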
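--- a/trunk/tests/phpunit/tests/formatting/redirect.php
+++ b/trunk/tests/phpunit/tests/formatting/redirect.php
@@ -35,4 +35,12 @@
     $this->assertEquals( 'http://example.com/search.php?search=(amistillhere)', wp_sanitize_redirect( 'http://example.com/search.php?search=(amistillhere)' ) );
     $this->assertEquals( 'http://example.com/@username', wp_sanitize_redirect( 'http://example.com/@username' ) );
+}
+
+/**
+ * @group 36998
+ */
+function test_wp_sanitize_redirect_should_encode_spaces() {
+    $this->assertEquals( 'http://example.com/test%20spaces', wp_sanitize_redirect( 'http://example.com/test%20spaces' ) );
+    $this->assertEquals( 'http://example.com/test%20spaces%20in%20url', wp_sanitize_redirect( 'http://example.com/test spaces in url' ) );
 }
 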
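Review bot: `test_wp_sanitize_redirect_should_encode_spaces()` only exercises spaces inside the path, so two cases that matter for a redirect sanitizer stay unpinned: a space in the query string, and a space next to a `%0A`/`%0D` sequence that the function strips afterwards. A query-string case can be added as `$this->assertEquals( 'http://example.com/search.php?search=a%20b', wp_sanitize_redirect( 'http://example.com/search.php?search=a b' ) );`. An assertion that a location containing both a space and `%0A` still comes back without the `%0A` would show that the new encoding step does not interfere with the CR/LF stripping. The enclosing test class starts outside this section.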