Introduce _deep_replace() and use it to improve the stripping of percent encoded values from urls. Fixes #10226 for trunk.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
westi
parent
740a42b75a
commit
0dba5eddcf
|
|
@ -65,8 +65,8 @@ case 'update':
|
|||
}
|
||||
|
||||
$location = wp_kses_no_null($location);
|
||||
$strip = array('%0d', '%0a');
|
||||
$location = str_replace($strip, '', $location);
|
||||
$strip = array('%0d', '%0a', '%0D', '%0A');
|
||||
$location = _deep_replace($strip, $location);
|
||||
header("Location: $location");
|
||||
exit();
|
||||
|
||||
|
|
|
|||
|
|
@ -2042,8 +2042,8 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {
|
|||
|
||||
if ('' == $url) return $url;
|
||||
$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
|
||||
$strip = array('%0d', '%0a');
|
||||
$url = str_replace($strip, '', $url);
|
||||
$strip = array('%0d', '%0a', '%0D', '%0A');
|
||||
$url = _deep_replace($strip, $url);
|
||||
$url = str_replace(';//', '://', $url);
|
||||
/* If the URL doesn't appear to contain a scheme, we
|
||||
* presume it needs http:// appended (unless a relative
|
||||
|
|
@ -2067,6 +2067,35 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {
|
|||
return apply_filters('clean_url', $url, $original_url, $context);
|
||||
}
|
||||
|
||||
/**
|
||||
* Perform a deep string replace operation to ensure the values in $search are no longer present
|
||||
*
|
||||
* Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
|
||||
* e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that
|
||||
* str_replace would return
|
||||
*
|
||||
* @since 2.8.1
|
||||
* @access private
|
||||
*
|
||||
* @param string|array $search
|
||||
* @param string $subject
|
||||
* @return string The processed string
|
||||
*/
|
||||
function _deep_replace($search, $subject){
|
||||
$found = true;
|
||||
while($found) {
|
||||
$found = false;
|
||||
foreach( (array) $search as $val ) {
|
||||
while(strpos($subject, $val) !== false) {
|
||||
$found = true;
|
||||
$subject = str_replace($val, '', $subject);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $subject;
|
||||
}
|
||||
|
||||
/**
|
||||
* Escapes data for use in a MySQL query
|
||||
*
|
||||
|
|
|
|||
|
|
@ -880,17 +880,8 @@ function wp_sanitize_redirect($location) {
|
|||
$location = wp_kses_no_null($location);
|
||||
|
||||
// remove %0d and %0a from location
|
||||
$strip = array('%0d', '%0a');
|
||||
$found = true;
|
||||
while($found) {
|
||||
$found = false;
|
||||
foreach( (array) $strip as $val ) {
|
||||
while(strpos($location, $val) !== false) {
|
||||
$found = true;
|
||||
$location = str_replace($val, '', $location);
|
||||
}
|
||||
}
|
||||
}
|
||||
$strip = array('%0d', '%0a', '%0D', '%0A');
|
||||
$location = _deep_replace($strip, $location);
|
||||
return $location;
|
||||
}
|
||||
endif;
|
||||
|
|
|
|||
Loading…
Reference in New Issue