WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#28362 closed defect (bug) (fixed)

Asterisk (*) characters are incorrectly removed in wp_sanitize_redirect

Reported by: jkohlbach Owned by: SergeyBiryukov
Milestone: 4.0 Priority: normal
Severity: normal Version: 2.0.4
Component: Formatting Keywords: has-patch commit
Focuses: Cc:

Description (last modified by SergeyBiryukov)

According to the URI spec under section 2.3 Unreserved Characters (http://www.ietf.org/rfc/rfc2396.txt) the asterisk character (*) is allowed in URI's but wp_sanitize_redirect strips them out.

This send means the user is sent to the wrong URL when using wp_redirect or wp_safe_redirect.

To reproduce, open wp-includes/pluggable.php and drop in some debug in the wp_redirect function:

echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
$location = wp_sanitize_redirect($location);
echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
die();

Then just use wp_redirect('http://google.com/test=12345*abcdef', 301); and you'll see the * is being stripped incorrectly.

Attachments (1)

28362.patch (1.7 KB) - added by SergeyBiryukov 7 years ago.

Download all attachments as: .zip

Change History (6)

#1 @SergeyBiryukov
7 years ago

  • Description modified (diff)
  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 4.0
  • Version changed from 3.9.1 to 2.0.4

Related: [3926], [3939], [11147].

#2 follow-up: @miqrogroove
7 years ago

Why only * ? Other common chars include @ and [ and ] also.

#3 in reply to: ↑ 2 @jkohlbach
7 years ago

Replying to miqrogroove:

Why only * ? Other common chars include @ and [ and ] also.

As far as I'm aware those chars aren't in the reserved characters list I linked to above.

#4 @SergeyBiryukov
7 years ago

  • Keywords commit added

#5 @SergeyBiryukov
7 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 28939:

Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect().

fixes #28362.

Note: See TracTickets for help on using tickets.