Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect().

fixes #28362. Built from https://develop.svn.wordpress.org/trunk@28939 git-svn-id: http://core.svn.wordpress.org/trunk@28737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-26 06:45:07 +02:00 · 2014-07-01 15:56:15 +00:00 · 2014-07-01 15:56:15 +00:00 · 177fe21194
commit 177fe21194
parent 575425ffbe
1 changed files with 1 additions and 1 deletions
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -1160,7 +1160,7 @@ if ( !function_exists('wp_sanitize_redirect') ) :
 * @return string redirect-sanitized URL
 **/
 function wp_sanitize_redirect($location) {
-	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
+	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
 	$location = wp_kses_no_null($location);

 	// remove %0d and %0a from location