#31866 closed defect (bug) (worksforme)
wp_redirect strips out special characters
Reported by: | Milmor | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.1.1 |
Component: | General | Keywords: | needs-testing |
Focuses: | Cc: |
Description
Forum post:
https://wordpress.org/support/topic/wp_redirect-strips-out-special-characters?replies=1
i have a problem with the function wp_redirect() when the url contains special characters.
wp_redirect( esc_url_raw( wp_get_attachment_url( $ID ) ) );
If the attachment url contains, for example, À, then the entire line of code leads to a 404 page because the final url won't contain that letter.
In addition:
esc_url_raw( wp_get_attachment_url( $ID ) )
is returning the correct url. Without esc_url_raw i get the same result.
It seems that wp_redirect strips out the character À. Is this normal?
(Apache server)
Change History (4)
#2
@
9 years ago
- Keywords reporter-feedback added
Hi @Milmor, would you like to try submitting a patch?
#3
@
9 years ago
- Keywords needs-testing added; reporter-feedback removed
- Resolution set to worksforme
- Status changed from new to closed
Hi @DrewAPicture,
with WordPress 4.2 i don't get that error!
In fact i found that the function wp_sanitize_redirect() in wp-includes/pluggable.php has been changed.
WordPress 4.1:
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location); $location = wp_kses_no_null($location); // remove %0d and %0a from location $strip = array('%0d', '%0a', '%0D', '%0A'); $location = _deep_replace($strip, $location); return $location;
WordPress 4.2:
$regex = '/ ( (?: [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [\xE1-\xEC][\x80-\xBF]{2} | \xED[\x80-\x9F][\x80-\xBF] | [\xEE-\xEF][\x80-\xBF]{2} | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [\xF1-\xF3][\x80-\xBF]{3} | \xF4[\x80-\x8F][\x80-\xBF]{2} ){1,50} # ...one or more times )/x'; $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location ); $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location); $location = wp_kses_no_null($location); // remove %0d and %0a from location $strip = array('%0d', '%0a', '%0D', '%0A'); $location = _deep_replace($strip, $location); return $location;
Now the function returns the correct url.
I did some additional tests with a file called test èàÀ.pdf
Linux returned me test-.pdf
Windows returned me test-eaA.pdf