WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

In `wp_sanitize_redirect()`, don't eat `@` characters. According to RFC 3986, "@" is a perfectly valid character in a URL path or query string. 

Adds unit test.

Props markjaquith.
Fixes #18818.

Built from https://develop.svn.wordpress.org/trunk@33707


git-svn-id: http://core.svn.wordpress.org/trunk@33674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor 2015-08-22 17:05:24 +00:00
parent 523b51a359
commit 5510b519f5
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/pluggable.php
View File

@ -1232,7 +1232,7 @@ function wp_sanitize_redirect($location) {
){1,40} # ...one or more times ){1,40} # ...one or more times
)/x'; )/x';
$location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location ); $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location); $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
$location = wp_kses_no_null($location); $location = wp_kses_no_null($location);
// remove %0d and %0a from location // remove %0d and %0a from location

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.4-alpha-33706'; $wp_version = '4.4-alpha-33707';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.