Introduce _deep_replace() and use it to improve the stripping of percent encoded values from urls. Fixes #10226 for trunk.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
740a42b75a
commit
0dba5eddcf
|
@ -65,8 +65,8 @@ case 'update':
|
||||||
}
|
}
|
||||||
|
|
||||||
$location = wp_kses_no_null($location);
|
$location = wp_kses_no_null($location);
|
||||||
$strip = array('%0d', '%0a');
|
$strip = array('%0d', '%0a', '%0D', '%0A');
|
||||||
$location = str_replace($strip, '', $location);
|
$location = _deep_replace($strip, $location);
|
||||||
header("Location: $location");
|
header("Location: $location");
|
||||||
exit();
|
exit();
|
||||||
|
|
||||||
|
|
|
@ -2042,8 +2042,8 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {
|
||||||
|
|
||||||
if ('' == $url) return $url;
|
if ('' == $url) return $url;
|
||||||
$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
|
$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
|
||||||
$strip = array('%0d', '%0a');
|
$strip = array('%0d', '%0a', '%0D', '%0A');
|
||||||
$url = str_replace($strip, '', $url);
|
$url = _deep_replace($strip, $url);
|
||||||
$url = str_replace(';//', '://', $url);
|
$url = str_replace(';//', '://', $url);
|
||||||
/* If the URL doesn't appear to contain a scheme, we
|
/* If the URL doesn't appear to contain a scheme, we
|
||||||
* presume it needs http:// appended (unless a relative
|
* presume it needs http:// appended (unless a relative
|
||||||
|
@ -2067,6 +2067,35 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {
|
||||||
return apply_filters('clean_url', $url, $original_url, $context);
|
return apply_filters('clean_url', $url, $original_url, $context);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Perform a deep string replace operation to ensure the values in $search are no longer present
|
||||||
|
*
|
||||||
|
* Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
|
||||||
|
* e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that
|
||||||
|
* str_replace would return
|
||||||
|
*
|
||||||
|
* @since 2.8.1
|
||||||
|
* @access private
|
||||||
|
*
|
||||||
|
* @param string|array $search
|
||||||
|
* @param string $subject
|
||||||
|
* @return string The processed string
|
||||||
|
*/
|
||||||
|
function _deep_replace($search, $subject){
|
||||||
|
$found = true;
|
||||||
|
while($found) {
|
||||||
|
$found = false;
|
||||||
|
foreach( (array) $search as $val ) {
|
||||||
|
while(strpos($subject, $val) !== false) {
|
||||||
|
$found = true;
|
||||||
|
$subject = str_replace($val, '', $subject);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $subject;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Escapes data for use in a MySQL query
|
* Escapes data for use in a MySQL query
|
||||||
*
|
*
|
||||||
|
|
|
@ -880,17 +880,8 @@ function wp_sanitize_redirect($location) {
|
||||||
$location = wp_kses_no_null($location);
|
$location = wp_kses_no_null($location);
|
||||||
|
|
||||||
// remove %0d and %0a from location
|
// remove %0d and %0a from location
|
||||||
$strip = array('%0d', '%0a');
|
$strip = array('%0d', '%0a', '%0D', '%0A');
|
||||||
$found = true;
|
$location = _deep_replace($strip, $location);
|
||||||
while($found) {
|
|
||||||
$found = false;
|
|
||||||
foreach( (array) $strip as $val ) {
|
|
||||||
while(strpos($location, $val) !== false) {
|
|
||||||
$found = true;
|
|
||||||
$location = str_replace($val, '', $location);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $location;
|
return $location;
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
Loading…
Reference in New Issue