Opened 10 years ago
Closed 10 years ago
#30308 closed defect (bug) (fixed)
Bracket characters ( and ) are incorrectly removed from wp_sanitize_redirect
Reported by: | jkohlbach | Owned by: | johnbillion |
---|---|---|---|
Milestone: | 4.1 | Priority: | normal |
Severity: | normal | Version: | 4.0 |
Component: | Formatting | Keywords: | has-patch |
Focuses: | | Cc: | |
Description
According to the URI spec under section 2.3 Unreserved Characters (http://www.ietf.org/rfc/rfc2396.txt), the bracket characters ( and ) are allowed in URIs, but wp_sanitize_redirect strips them out.
This means the user is sent to the wrong URL when using wp_redirect or wp_safe_redirect.
To reproduce, open wp-includes/pluggable.php and drop in some debug in the wp_redirect function:
echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
$location = wp_sanitize_redirect($location);
echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
die();
Then just use wp_redirect('http://google.com/test=(12345)abcdef', 301); and you'll see the brackets are being stripped incorrectly.
Attachments (1)
Change History (8)
#2 in reply to: ↑ 1, 10 years ago
Replying to SergeyBiryukov:
Hi Sergey,
That other ticket is for square brackets, not rounded brackets; ideally they should both be fixed :)
Cheers,
Josh
#3, 10 years ago
- Keywords has-patch added
This excludes parentheses from the preg_replace and includes unit tests.
Related/duplicate: #17052, #26037.
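The effect of the allow-list change discussed in this ticket, as an added example that is not WordPress core code or the attached patch: both character classes are assumptions modelled on the ticket's description, and all helper names are hypothetical. It checks every RFC 2396 section 2.3 "mark" character against each class and reports when sanitizing silently changes the redirect target.

```php
<?php
// Added illustration, not WordPress core code. Both character classes are
// assumptions modelled on the behaviour the ticket describes.
const ALLOW_BEFORE = '|[^a-z0-9-~+_.?#=&;,/:%!*]|i';   // hypothetical: ( ) not allowed
const ALLOW_AFTER  = '|[^a-z0-9-~+_.?#=&;,/:%!*()]|i'; // hypothetical: ( ) allowed

// RFC 2396 section 2.3: unreserved = alphanumerics plus these "mark" characters.
const RFC2396_MARKS = ['-', '_', '.', '!', '~', '*', "'", '(', ')'];

// Remove every character outside the allow-list; fail closed on a regex error.
function strip_disallowed(string $location, string $pattern): string {
    return preg_replace($pattern, '', $location) ?? '';
}

// List the RFC 2396 mark characters that a given allow-list would strip.
function stripped_marks(string $pattern): array {
    $lost = [];
    foreach (RFC2396_MARKS as $mark) {
        $probe = "a{$mark}b";
        if (strip_disallowed($probe, $pattern) !== $probe) {
            $lost[] = $mark;
        }
    }
    return $lost;
}

// Sanitize and report whether the target changed, so the caller can log the
// difference instead of redirecting to a different URL without any trace.
function sanitize_and_report(string $location, string $pattern): array {
    $clean = strip_disallowed($location, $pattern);
    return ['location' => $clean, 'changed' => $clean !== $location];
}

// The URL from the ticket description.
$url = 'http://google.com/test=(12345)abcdef';

foreach (['before' => ALLOW_BEFORE, 'after' => ALLOW_AFTER] as $label => $pattern) {
    $result = sanitize_and_report($url, $pattern);
    printf(
        "%-6s location=%s changed=%s stripped_marks=[%s]\n",
        $label,
        $result['location'],
        $result['changed'] ? 'yes' : 'no',
        implode(' ', stripped_marks($pattern))
    );
}
```

Running the per-character probe as a regression test catches any other unreserved character that an allow-list of this shape still removes.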