
Changeset 5992


Timestamp:
08/30/07 17:47:35 (7 years ago)
Author:
markjaquith
Message:

Better %0d/%0a sanitization for wp_redirect() from hakre. fixes #4819 for 2.0.12

File:
1 edited

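--- a/branches/2.0/wp-includes/pluggable-functions.php
+++ b/branches/2.0/wp-includes/pluggable-functions.php
@@ -262,6 +262,16 @@
     $location = preg_replace('|[^a-z0-9-~\+_\.\?#=&;,/:%]|i', '', $location);
 
+    // remove %0d and %0a from location
     $strip = array('%0d', '%0a');
-    $location = str_replace($strip, '', $location);
+    $found = true;
+    while($found) {
+        $found = false;
+        foreach($strip as $val) {
+            while(strpos($location, $val) !== false) {
+                $found = true;
+                $location = str_replace($val, '', $location);
+            }
+        }
+    }
 
     if ( $is_IIS ) {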
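Review bot: The strip list on new line 265 holds only the lowercase `%0d` and `%0a`, and both `strpos()` and `str_replace()` in the added loop are case-sensitive, so the uppercase forms `%0D` and `%0A` pass through unchanged. The whitelist on line 262 does not stop them either, because it allows `%`, digits and letters case-insensitively. Listing both cases closes the gap without needing `stripos()`/`str_ireplace()`, which this branch presumably cannot rely on: `$strip = array('%0d', '%0a', '%0D', '%0A');`. As a smaller style point, the inner `while(strpos(...))` is redundant, since one `str_replace()` call already removes every occurrence and the outer `$found` loop re-scans for sequences that reassemble after a removal. The enclosing function starts and ends outside the hunk, so how `$location` is consumed afterwards is not visible here.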