Better %0d/%0a sanitization for wp_redirect() from hakre. fixes #4819 for 2.0.12

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith 2007-08-30 17:47:35 +00:00
parent fbca14b458
commit d2de590be2


@ -261,8 +261,18 @@ function wp_redirect($location, $status = 302) {
$location = preg_replace('|[^a-z0-9-~\+_\.\?#=&;,/:%]|i', '', $location); $location = preg_replace('|[^a-z0-9-~\+_\.\?#=&;,/:%]|i', '', $location);
// remove %0d and %0a from location
$strip = array('%0d', '%0a'); $strip = array('%0d', '%0a');
$location = str_replace($strip, '', $location); $found = true;
while($found) {
$found = false;
foreach($strip as $val) {
while(strpos($location, $val) !== false) {
$found = true;
$location = str_replace($val, '', $location);
}
}
}
if ( $is_IIS ) { if ( $is_IIS ) {
header("Refresh: 0;url=$location"); header("Refresh: 0;url=$location");