Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect().
fixes #28362. Built from https://develop.svn.wordpress.org/trunk@28939 git-svn-id: http://core.svn.wordpress.org/trunk@28737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
575425ffbe
commit
177fe21194
|
@ -1160,7 +1160,7 @@ if ( !function_exists('wp_sanitize_redirect') ) :
|
|||
* @return string redirect-sanitized URL
|
||||
**/
|
||||
function wp_sanitize_redirect($location) {
|
||||
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
|
||||
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
|
||||
$location = wp_kses_no_null($location);
|
||||
|
||||
// remove %0d and %0a from location
|
||||
|
|
Loading…
Reference in New Issue