WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect(). 

fixes #28362.
Built from https://develop.svn.wordpress.org/trunk@28939


git-svn-id: http://core.svn.wordpress.org/trunk@28737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2014-07-01 15:56:15 +00:00
parent 575425ffbe
commit 177fe21194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/pluggable.php
View File

@ -1160,7 +1160,7 @@ if ( !function_exists('wp_sanitize_redirect') ) :
* @return string redirect-sanitized URL * @return string redirect-sanitized URL
**/ **/
function wp_sanitize_redirect($location) { function wp_sanitize_redirect($location) {
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location); $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
$location = wp_kses_no_null($location); $location = wp_kses_no_null($location);
// remove %0d and %0a from location // remove %0d and %0a from location