WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/10/2020 05:58:07 PM (17 months ago)
Author:
desrosj
Message:

General: Backport several commits for release.

  • Embeds: Ensure that the title attribute is set correctly on embeds.
  • Editor: Prevent HTML decoding on by setting the proper editor context.
  • Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
  • Themes: Ensure a broken theme name is returned properly.
  • Administration: Add a new filter to extend set-screen-option.

Merges [47948-47951] to the 5.3 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Location:
branches/5.3
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.3

  • branches/5.3/src/wp-includes/pluggable.php

    r46477 r47959  
    13921392     */
    13931393    function wp_validate_redirect( $location, $default = '' ) {
    1394         $location = trim( $location, " \t\n\r\0\x08\x0B" );
    1395         // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    1396         if ( substr( $location, 0, 2 ) == '//' ) {
     1394        $location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
     1395        // Browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'.
     1396        if ( '//' === substr( $location, 0, 2 ) ) {
    13971397            $location = 'http:' . $location;
    13981398        }
Note: See TracChangeset for help on using the changeset viewer.