diff --git a/wp-includes/pluggable-functions.php b/wp-includes/pluggable-functions.php
index c7bcf10fa4..3198d20075 100644
--- a/wp-includes/pluggable-functions.php
+++ b/wp-includes/pluggable-functions.php
@@ -261,7 +261,10 @@ if ( !function_exists('wp_redirect') ) :
 function wp_redirect($location) {
 	global $is_IIS;
 
-	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $location);
+	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
+
+	$strip = array('%0d', '%0a');
+	$location = str_replace($strip, '', $location);
 
 	if ($is_IIS)
 		header("Refresh: 0;url=$location");