Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#31486 closed defect (bug) (fixed)

wp_redirect sends incorrect url when it contains non escaped unicode characters

Reported by: louyx's profile louyx Owned by: pento's profile pento
Milestone: 4.2 Priority: normal
Severity: normal Version: 2.3
Component: General Keywords:
Focuses: Cc:

Description

TL;DR:
When using wp_redirect to a url that contains non-ascii letters, those letters are stripped out from the HTTP Location header.

I have created a small fix for this issue by escaping every non-ascii character:

$redirect_url = preg_replace_callback('/([^\x00-\x7F])/i', function($matches) {
  return urlencode($matches[1]);
}, $redirect_url);

More Details:
Some plugins redirect to some urls containing unicode characters without escaping them first. Escape functions esc_url and esc_url_raw do not solve this either. I think solving this at core level is the best thing to do, especially that it doesn't affect the current behavior of the function.

Here's an example (in Arabic, which is RTL):

wp_redirect( 'http://example.com/tag/تجربة-1/' );
//redirects to http://example.com/tag/-1/

Change History (3)

#1 @pento
10 years ago

  • Owner set to pento
  • Status changed from new to accepted
  • Version changed from trunk to 2.3

#2 @pento
10 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 31587:

When sanitizing a URL to redirect to, UTF-8 characters can be URL encoded, instead of being removed.

While RFC 3986 does not specify which character sets are allowed in URIs, Section 2.5 states that octects matching UTF-8 character encoding should be percent-encoded, then unreserved octets outside of the UTF-8 range should be percent-encoded. As browsers tend to only implement support for UTF-8 in URLs, this change only implements the UTF-8 encoding part. We may revisit the second part if it becomes an issue.

Fixes #31486

#3 @pento
10 years ago

  • Milestone changed from Awaiting Review to 4.2
Note: See TracTickets for help on using tickets.