From 9b8a99e3980bd8962c6d472ae6612ba8bb1b0881 Mon Sep 17 00:00:00 2001
From: ryan
Date: Tue, 27 Jun 2006 01:42:52 +0000
Subject: [PATCH] More thorough URI sanitizer in wp_redirect().
git-svn-id: http://svn.automattic.com/wordpress/trunk@3926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 6c09db0740..1f767e1d4c 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -283,7 +283,7 @@ if ( !function_exists('wp_redirect') ) :
 function wp_redirect($location) {
 global $is_IIS;
- $location = str_replace( array("\n", "\r"), '', $location);
+ $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $location);
 if ($is_IIS)
 header("Refresh: 0;url=$location");
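Review bot: The allowlist in the added `preg_replace()` line omits `%`, so a percent-encoded location (for example a query value containing `%20`) has the `%` silently deleted and the redirect target changes; other characters that are legal in URIs, such as `@`, `!`, `(` and `)`, are dropped the same way. Adding `%` and moving the literal hyphen to the end of the class keeps the CR/LF stripping while preserving encoded URLs: `$location = preg_replace('|[^a-z0-9~+_.?#=&;,/:%-]|i', '', $location);`. Because offending characters are removed rather than the redirect being refused, a short comment such as `// Strips characters outside the URI allowlist (blocks CR/LF header injection); does not validate the destination host.` would make clear to callers that this filter is not an open-redirect check. `wp_redirect()` continues past the end of the hunk, so the non-IIS branch is not visible here.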