Make WordPress Core


Ignore:
Timestamp:
11/03/2019 10:08:56 PM (5 years ago)
Author:
jorbin
Message:

General: wp_safe_redirect() and wp_redirect() shouldn't allow non-3xx status codes

Redirects should use redirect status codes and if you attempt to call wp_safe_redirect or wp_redirect with a non redirect status it can lead to undesired behavior and head scratching.

Fixes #44317.
Props spenserhale, johnbillion, mjnewman for initial patch.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/pluggable.php

    r46586 r46641  
    55 */
    66class Tests_Pluggable extends WP_UnitTestCase {
     7
     8    /**
     9     * @dataProvider get_good_status_codes
     10     *
     11     * @ticket 44317
     12     * @param string $location The path or URL to redirect to.
     13     * @param int $status HTTP response status code to use.
     14     */
     15    public function test_wp_redirect_good_status_code( $location, $status ) {
     16        $this->assertTrue( wp_redirect( $location, $status ) );
     17    }
     18
     19    public function get_good_status_codes() {
     20        return [
     21            // Expected Statuses
     22            [ '/wp-admin', 301 ],
     23            [ '/wp-admin', 302 ],
     24            [ '/wp-admin', 307 ],
     25            // Outliers that are valid
     26            [ '/wp-admin', 300 ],
     27            [ '/wp-admin', 399 ],
     28        ];
     29    }
     30
     31    /**
     32     * @expectedException WPDieException
     33     * @dataProvider get_bad_status_codes
     34     *
     35     * @ticket 44317
     36     * @param string $location The path or URL to redirect to.
     37     * @param int $status HTTP response status code to use.
     38     */
     39    public function test_wp_redirect_bad_status_code( $location, $status ) {
     40        wp_redirect( $location, $status );
     41    }
     42
     43    public function get_bad_status_codes() {
     44        return [
     45            // Tests for bad arguments
     46            [ '/wp-admin', 404 ],
     47            [ '/wp-admin', 410 ],
     48            [ '/wp-admin', 500 ],
     49            // Tests for condition.
     50            [ '/wp-admin', 299 ],
     51            [ '/wp-admin', 400 ],
     52        ];
     53    }
    754
    855    /**
Note: See TracChangeset for help on using the changeset viewer.