WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
06/10/2020 07:03:59 PM (6 years ago)
Author:
whyisjake
Message:

General: Backport several commits for release.

  • Embeds: Ensure that the title attribute is set correctly on embeds.
  • Editor: Prevent HTML decoding on by setting the proper editor context.
  • Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
  • Themes: Ensure a broken theme name is returned properly.
  • Administration: Add a new filter to extend set-screen-option.

Merges [47947-47951] to the 4.3 branch.

Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/4.3/src/wp-includes/pluggable.php

    r46499 r47982  
    12321232        )/x';
    12331233    $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
    1234     $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
     1234    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    12351235    $location = wp_kses_no_null($location);
    12361236
     
    13041304 **/
    13051305function wp_validate_redirect($location, $default = '') {
    1306     $location = trim( $location, " \t\n\r\0\x08\x0B" );
     1306    $location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
    13071307    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    13081308    if ( substr($location, 0, 2) == '//' )
Note: See TracChangeset for help on using the changeset viewer.