Opened 11 years ago
Closed 10 years ago
#28362 closed defect (bug) (fixed)
Asterisk (*) characters are incorrectly removed in wp_sanitize_redirect
Reported by: | jkohlbach | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 4.0 | Priority: | normal |
Severity: | normal | Version: | 2.0.4 |
Component: | Formatting | Keywords: | has-patch commit |
Focuses: | Cc: |
Description (last modified by )
According to the URI spec under section 2.3 Unreserved Characters (http://www.ietf.org/rfc/rfc2396.txt) the asterisk character (*) is allowed in URIs but wp_sanitize_redirect strips them out.
This means the user is sent to the wrong URL when using wp_redirect or wp_safe_redirect.
To reproduce, open wp-includes/pluggable.php and drop in some debug in the wp_redirect function:
```php
echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
$location = wp_sanitize_redirect($location);
echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
die();
```
Then just use wp_redirect('http://google.com/test=12345*abcdef', 301);
and you'll see the * is being stripped incorrectly.
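The stripping behaviour described in this ticket, as an added example that is not WordPress core code and not part of the original report: a character-allowlist sanitizer run with and without `*`, plus a check of which RFC 2396 section 2.3 "mark" characters an allowlist drops. The function names and both allowlists are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress core code. The allowlists below are
// assumptions chosen to reproduce the behaviour the ticket describes.

// RFC 2396 section 2.3 "mark" characters (unreserved, besides alphanumerics).
const RFC2396_MARK = "-_.!~*'()";

// Hypothetical allowlist-style sanitizer: drop every character not listed.
function sanitize_redirect_allowlist(string $location, string $allowed): string
{
    // preg_quote() escapes '-', ']' and the '|' delimiter for use in the class.
    $class = preg_quote($allowed, '|');
    return preg_replace('|[^a-z0-9' . $class . ']|i', '', $location);
}

// Return the RFC 2396 mark characters that a given allowlist would strip.
function stripped_marks(string $allowed): array
{
    $lost = [];
    foreach (str_split(RFC2396_MARK) as $ch) {
        if (sanitize_redirect_allowlist($ch, $allowed) === '') {
            $lost[] = $ch;
        }
    }
    return $lost;
}

$without_star = "-~+_.?#=&;,/:%!";      // assumed allowlist lacking '*'
$with_star    = $without_star . '*';    // same allowlist with '*' permitted

$url = 'http://google.com/test=12345*abcdef'; // URL from the ticket

foreach (['without *' => $without_star, 'with *' => $with_star] as $label => $allowed) {
    $out = sanitize_redirect_allowlist($url, $allowed);
    // A sanitizer that silently alters a valid URL changes the redirect target.
    printf("%-10s %s (%s)\n", $label, $out, $out === $url ? 'unchanged' : 'ALTERED');
    printf("%-10s stripped marks: %s\n", '', implode(' ', stripped_marks($allowed)));
}
```

Running the mark-character check against a sanitizer's allowlist is a quick regression test for this class of bug: any unreserved character it reports is one that a valid redirect target can lose.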
Attachments (1)
Change History (6)
#1 (11 years ago)
- Description modified (diff)
- Keywords has-patch added
- Milestone changed from Awaiting Review to 4.0
- Version changed from 3.9.1 to 2.0.4
#3, in reply to: ↑ 2 (10 years ago)
Replying to miqrogroove:
> Why only * ? Other common chars include @ and [ and ] also.
As far as I'm aware those chars aren't in the reserved characters list I linked to above.
Related: [3926], [3939], [11147].