Changeset 5992


Timestamp:
08/30/2007 05:47:35 PM (11 years ago)
Author:
markjaquith
Message:

Better %0d/%0a sanitization for wp_redirect() from hakre. fixes #4819 for 2.0.12

File:
1 edited

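--- a/branches/2.0/wp-includes/pluggable-functions.php
+++ b/branches/2.0/wp-includes/pluggable-functions.php
@@ -262,6 +262,16 @@
     $location = preg_replace('|[^a-z0-9-~\+_\.\?#=&;,/:%]|i', '', $location);
 
+    // remove %0d and %0a from location
     $strip = array('%0d', '%0a');
-    $location = str_replace($strip, '', $location);
+    $found = true;
+    while($found) {
+        $found = false;
+        foreach($strip as $val) {
+            while(strpos($location, $val) !== false) {
+                $found = true;
+                $location = str_replace($val, '', $location);
+            }
+        }
+    }
 
     if ( $is_IIS ) {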
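Review bot: The `strpos()`/`str_replace()` calls in the new loop are case-sensitive, so only the lower-case `%0d` and `%0a` are stripped, while the preceding `preg_replace` uses the `i` flag and lets `%0D` and `%0A` through unchanged. Upper-case hex encodes the same CR/LF bytes, so the strip list should cover both spellings: `$strip = array('%0d', '%0a', '%0D', '%0A');`. As a style point, the inner `while(strpos(...))` duplicates what the outer `$found` loop already guarantees, since `str_replace` removes every occurrence in one pass; a plain `if` there would read more clearly. The enclosing function starts and ends outside this hunk, so how `$location` is consumed afterwards is not visible here.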