WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Better %0d/%0a sanitization for wp_redirect() from hakre. fixes #4819 for 2.2.3 

git-svn-id: http://svn.automattic.com/wordpress/branches/2.2@5991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2007-08-30 17:46:58 +00:00
parent 00d289772d
commit a003f037e0
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
wp-includes/pluggable.php
View File

@ -320,8 +320,18 @@ function wp_redirect($location, $status = 302) {
$location = preg_replace('|[^a-z0-9-~\+_\.\?#=&;,/:%]|i', '', $location); $location = preg_replace('|[^a-z0-9-~\+_\.\?#=&;,/:%]|i', '', $location);
$location = wp_kses_no_null($location); $location = wp_kses_no_null($location);
// remove %0d and %0a from location
$strip = array('%0d', '%0a'); $strip = array('%0d', '%0a');
$location = str_replace($strip, '', $location); $found = true;
while($found) {
$found = false;
foreach($strip as $val) {
while(strpos($location, $val) !== false) {
$found = true;
$location = str_replace($val, '', $location);
}
}
}
if ( $is_IIS ) { if ( $is_IIS ) {
header("Refresh: 0;url=$location"); header("Refresh: 0;url=$location");