[wp-trac] [WordPress Trac] #28362: Asterisk (*) characters are incorrectly removed in wp_sanitize_redirect
WordPress Trac
noreply at wordpress.org
Mon May 26 00:50:23 UTC 2014
#28362: Asterisk (*) characters are incorrectly removed in wp_sanitize_redirect
--------------------------+-----------------------------
Reporter: jkohlbach | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: 3.9.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
According to the URI spec under section 2.3 Unreserved Characters
(http://www.ietf.org/rfc/rfc2396.txt) the asterisk character (*) is
allowed in URIs but wp_sanitize_redirect strips them out.

This means the user is sent to the wrong URL when using wp_redirect
or wp_safe_redirect.

To reproduce, open wp-includes/pluggable.php and drop in some debug in the
wp_redirect function:

    echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
    $location = wp_sanitize_redirect($location);
    echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
    die();

Then just use wp_redirect('http://google.com/test=12345*abcdef', 301); and
you'll see the * is being stripped incorrectly.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28362>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
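
The behaviour reported above can be reproduced outside WordPress with the following added example, which is not part of the original ticket and is not WordPress code. It goes slightly beyond the ticket by probing every RFC 2396 section 2.3 unreserved character against an allowlist; `example_sanitize_redirect()`, `stripped_unreserved()` and both character classes are constructed stand-ins, not copied from wp-includes/pluggable.php.

```php
<?php
// Hypothetical stand-in for an allowlist-based redirect sanitizer. The
// character classes used below are constructed for this example and are
// NOT copied from wp-includes/pluggable.php.
function example_sanitize_redirect(string $location, string $allowed): string {
    // Delete every character that is not in the allowlist class.
    return preg_replace('|[^' . $allowed . ']|i', '', $location);
}

// RFC 2396 section 2.3: unreserved = alphanum | mark
// mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
const RFC2396_MARKS = ['-', '_', '.', '!', '~', '*', "'", '(', ')'];

// Return the unreserved characters that the sanitizer would strip.
function stripped_unreserved(string $allowed): array {
    $lost  = [];
    $probe = array_merge(['a', 'Z', '0', '9'], RFC2396_MARKS);
    foreach ($probe as $ch) {
        if (example_sanitize_redirect($ch, $allowed) !== $ch) {
            $lost[] = $ch;
        }
    }
    return $lost;
}

// Constructed allowlists: one without "*", one extended with the missing marks.
$narrow = 'a-z0-9\-~+_.?#=&;,/:%!';
$wide   = $narrow . "*'()";

$url = 'http://google.com/test=12345*abcdef'; // URL from the ticket

foreach (['narrow' => $narrow, 'wide' => $wide] as $name => $class) {
    $out = example_sanitize_redirect($url, $class);
    // Report which unreserved characters are lost and whether the redirect
    // target differs from what the caller asked for.
    printf("%-6s lost=[%s] changed=%s\n  %s\n",
        $name,
        implode(' ', stripped_unreserved($class)),
        $out === $url ? 'no' : 'yes',
        $out
    );
}
```

Comparing the sanitized location with the input, as the loop does, is also a cheap regression check: a sanitizer that deletes characters silently changes the redirect target instead of rejecting it.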