[wp-trac] [WordPress Trac] #30308: Bracket characters ( and ) are incorrectly removed from wp_sanitize_redirect
WordPress Trac
noreply at wordpress.org
Tue Nov 11 01:01:11 UTC 2014
#30308: Bracket characters ( and ) are incorrectly removed from
wp_sanitize_redirect
--------------------------+-----------------------------
Reporter: jkohlbach | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: 4.0
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
According to the URI spec under section 2.3 Unreserved Characters
(http://www.ietf.org/rfc/rfc2396.txt) the bracket characters ( and ) are
allowed in URIs, but wp_sanitize_redirect strips them out.

This means the user is sent to the wrong URL when using wp_redirect or
wp_safe_redirect.

To reproduce, open wp-includes/pluggable.php and drop in some debug in the
wp_redirect function:

    echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
    $location = wp_sanitize_redirect($location);
    echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
    die();

Then just use wp_redirect('http://google.com/test=(12345)abcdef', 301);
and you'll see the brackets are being stripped incorrectly.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30308>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
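
The behaviour reported above, as an added example that is not part of the original ticket and is not WordPress core code: an allow-list redirect sanitizer run once with a character set that omits ( and ) and once with the full RFC 2396 section 2.3 "mark" set. The function name, both character sets and the example.com input are constructed for illustration; the narrow set only reproduces the symptom and is not the regex WordPress uses.

```php
<?php
// Added illustration. sanitize_redirect_allowlist() and the constants below
// are hypothetical names, not functions or values from WordPress.

// RFC 2396 section 2.3: unreserved = alphanum | mark
const RFC2396_MARK = "-_.!~*'()";
// RFC 2396 section 2.2 reserved characters, plus '%' (escapes) and '#' (fragment).
const URI_DELIMS = ';/?:@&=+$,%#';

// Constructed narrow set: marks without ( ) and ', to reproduce the symptom.
const NARROW_SET = '-_.!~*' . URI_DELIMS;
// Set that follows the RFC's unreserved definition.
const RFC_SET = RFC2396_MARK . URI_DELIMS;

/**
 * Remove every byte that is not alphanumeric or listed in $allowed.
 * CR, LF, spaces and other control bytes are never in either set, so they
 * are always dropped before the value could reach a Location header.
 */
function sanitize_redirect_allowlist(string $location, string $allowed): string
{
    $class = preg_quote($allowed, '/');
    return preg_replace('/[^a-z0-9' . $class . ']/i', '', $location);
}

// URL from the ticket, plus a constructed input carrying CR/LF.
$inputs = [
    'http://google.com/test=(12345)abcdef',
    "http://example.com/a(1)\r\nX-Injected: 1",
];

foreach ($inputs as $url) {
    $narrow = sanitize_redirect_allowlist($url, NARROW_SET);
    $rfc    = sanitize_redirect_allowlist($url, RFC_SET);

    printf("input : %s\n", json_encode($url));
    printf("narrow: %s%s\n", $narrow, $narrow === $url ? '' : '  (changed)');
    printf("rfc   : %s%s\n\n", $rfc, $rfc === $url ? '' : '  (changed)');
}
```

Allowing the parentheses leaves the ticket's URL intact, while the CR/LF input is still rewritten under both sets because those bytes are in neither allow-list.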