[wp-hackers] Re: [wp-svn] [3939] trunk/wp-includes/pluggable.php:
Allow % so entities such as slashes don't break.
Matt Mullenweg
m at mullenweg.com
Fri Jun 30 02:20:44 GMT 2006
m at wordpress.org wrote:
> Allow % so entities such as slashes don't break.
> + $strip = array('%0d', '%0a');
> + $location = str_replace($strip, '', $location);
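Review bot: str_replace() is case-sensitive, so `$strip = array('%0d', '%0a')` removes only the lower-case spellings; the upper-case encodings `%0D` and `%0A`, which decode to the same CR and LF bytes, pass through `$location` unchanged, and raw CR/LF bytes already present in the value are not touched at all. Either use str_ireplace() here, or, as the reply suggests, replace the blacklist with a whitelist of characters allowed in a URL and then drop CR/LF in every spelling from what remains.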
Is this a comprehensive list of dangerous entities that can be encoded?
Might be best to take a whitelist approach here instead for a set of
encoded entities or a fixed range.
--
Matt Mullenweg
http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com
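As an added example, not code from WordPress or from the quoted commit, the following PHP puts the quoted blacklist strip beside a whitelist sanitiser of the kind the reply suggests and runs both over a few inputs. The function names (`strip_crlf_blacklist`, `sanitize_redirect_location`, `contains_line_break`), the allowed-character class and the sample URLs are all constructed for illustration.

```php
<?php
// Added example, not code from WordPress or the quoted commit.
// Compares the blacklist strip from the diff with a whitelist sanitiser
// for a redirect Location value. Function names, the allowed-character
// class and the sample inputs are constructed for illustration.

// Blacklist, as in the quoted diff: remove two specific encoded sequences.
// str_replace() is case-sensitive, so only these exact spellings go.
function strip_crlf_blacklist($location) {
    $strip = array('%0d', '%0a');
    return str_replace($strip, '', $location);
}

// Whitelist: keep only bytes that legitimately occur in a URL and drop
// everything else (raw CR, LF, NUL and the like are gone after this line),
// then remove percent-encoded CR/LF in either case with the
// case-insensitive str_ireplace() so no header line break survives.
function sanitize_redirect_location($location) {
    $location = preg_replace('|[^a-z0-9\-~+_.?#=&;,/:%!*\'()@\[\]]|i', '', $location);
    $location = str_ireplace(array('%0d', '%0a'), '', $location);
    return $location;
}

// Check helper: true when a value still carries a line break in raw or
// percent-encoded form (either case).
function contains_line_break($location) {
    return (bool) preg_match('/\r|\n|%0d|%0a/i', $location);
}

// Constructed sample inputs: a clean URL, lower- and upper-case encoded
// CR/LF, and raw CR/LF bytes.
$samples = array(
    'http://example.com/?p=1',
    'http://example.com/?p=1%0d%0aX-Test:1',
    'http://example.com/?p=1%0D%0AX-Test:1',
    "http://example.com/?p=1\r\nX-Test:1",
);

foreach ($samples as $s) {
    $b = strip_crlf_blacklist($s);
    $w = sanitize_redirect_location($s);
    printf("%-40s blacklist leaves break: %s  whitelist leaves break: %s\n",
        addcslashes($s, "\r\n"),
        contains_line_break($b) ? 'yes' : 'no',
        contains_line_break($w) ? 'yes' : 'no');
}
```

Run with `php example.php`: the blacklist reports a surviving line break for the upper-case and raw-byte inputs, the whitelist for none of them. The whitelist form is the safer default because every byte not explicitly allowed is dropped, so new encodings do not need to be added to a list one by one.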