[wp-trac] [WordPress Trac] #35719: wp_sanitize_redirect() also incorrectly URL-encodes utf-8 in domain part of IDN domain names

WordPress Trac noreply at wordpress.org
Thu Feb 4 16:37:47 UTC 2016


#35719: wp_sanitize_redirect() also incorrectly URL-encodes utf-8 in domain part of
IDN domain names
----------------------------+-----------------------------
 Reporter:  eirikrye        |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  General         |    Version:  trunk
 Severity:  normal          |   Keywords:
  Focuses:  administration  |
----------------------------+-----------------------------
 This can easily be tested by changing your site URL to contain a UTF-8
 character (e.g. test.hellowørld.com), and then attempting to open
 /wp-admin/ (which will redirect to wp-login.php). You will see the
 following 'Location' header being set:

 http://test.hell%C3%B8world.com/wp-login.php?redirect_to= [..]

 The domain part should NOT be url/percent encoded. It should be encoded
 separately using Punycode. Only the path and query parameters should be
 url/percent encoded. This is not a valid IRI, and certain browsers
 (Safari, Firefox) will correctly complain about the hostname
 "test.hell%C3%B8world.com" not existing.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35719>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
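
The encoding rule the ticket asks for, as an added example in Python (not part of the original report and not WordPress code or a patch to wp_sanitize_redirect()): the host goes through IDNA/Punycode, everything else through percent-encoding. The function names are hypothetical and the sample URL is constructed from the hostname in the 'Location' header quoted above.

```python
from urllib.parse import quote, urlsplit, urlunsplit

# Constructed sample: the host from the ticket's Location header, decoded.
SAMPLE_URL = "http://test.helløworld.com/wp-login.php?redirect_to=/wp-admin/"

# Characters left literal outside the host; "%" is kept so that escapes
# already present in the input are not encoded a second time.
_SAFE = "/?:@!$&'()*+,;=%-._~"


def naive_percent_encode(url: str) -> str:
    """Reproduce the reported output: UTF-8 bytes escaped everywhere,
    including inside the hostname."""
    return quote(url, safe=_SAFE + "#[]")


def encode_host(host: str) -> str:
    """Apply IDNA ToASCII (Punycode) per label; IPv6 literals pass through."""
    if ":" in host:  # IPv6 literal; urlsplit() strips the brackets
        return f"[{host}]"
    return host.encode("idna").decode("ascii")


def iri_to_uri(url: str) -> str:
    """Punycode the host; percent-encode userinfo, path, query, fragment."""
    parts = urlsplit(url)
    netloc = encode_host(parts.hostname or "")
    if parts.port is not None:
        netloc += f":{parts.port}"
    if parts.username is not None:
        userinfo = quote(parts.username, safe="%")
        if parts.password is not None:
            userinfo += ":" + quote(parts.password, safe="%")
        netloc = f"{userinfo}@{netloc}"
    return urlunsplit((
        parts.scheme,
        netloc,
        quote(parts.path, safe=_SAFE),
        quote(parts.query, safe=_SAFE),
        quote(parts.fragment, safe=_SAFE),
    ))


if __name__ == "__main__":
    print(naive_percent_encode(SAMPLE_URL))  # hostname contains %C3%B8
    print(iri_to_uri(SAMPLE_URL))            # hostname carries an xn-- label
```

Python's built-in "idna" codec implements IDNA 2003; a server-side check on a redirect target can compare the hostname only after this conversion, since the percent-encoded form names a different (non-existent) host.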