Context Navigation

← Previous Ticket
Next Ticket →

#35719 closed defect (bug) (duplicate)

wp_sanitize_redirect() also incorrectly URL-encodes utf-8 in domain part of IDN domain names

Reported by:	eirikrye	Owned by:
Milestone:		Priority:	normal
Severity:	normal	Version:	4.6
Component:	General	Keywords:
Focuses:	administration	Cc:

Description

This can easily be tested by changing your site URL to contain a UTF-8 character (e.g. test.hellowørld.com), and then attempting to open /wp-admin/ (which will redirect to wp-login.php). You will see the following 'Location' header being set:

http://test.hell%C3%B8world.com/wp-login.php?redirect_to= ..

The domain part should NOT be url/percent encoded. It should be encoded separately using Punycode. Only the path and query parameters should be url/percent encoded. This is not a valid IRI, and certain browsers (Safari, Firefox) will correctly complain about the hostname "test.hell%C3%B8world.com" not existing.

Change History (1)

#1 @SergeyBiryukov
9 years ago

Milestone Awaiting Review deleted
Resolution set to duplicate
Status changed from new to closed

Hi @eirikrye, welcome to Trac!

Thanks for the report, we're already tracking this issue in #10690 (see also #19279 and #29170).

Related: #25113.

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

Make WordPress Core