Better %0d/%0a sanitization for wp_redirect() from hakre. fixes #4819 for trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@5990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2007-08-30 17:46:09 +00:00
parent f9e28418ce
commit f0b39c1b5c

View File

@ -401,8 +401,18 @@ function wp_redirect($location, $status = 302) {
$location = preg_replace('|[^a-z0-9-~\+_\.\?#=&;,/:%]|i', '', $location);
$location = wp_kses_no_null($location);
// remove %0d and %0a from location
$strip = array('%0d', '%0a');
$location = str_replace($strip, '', $location);
$found = true;
while($found) {
$found = false;
foreach($strip as $val) {
while(strpos($location, $val) !== false) {
$found = true;
$location = str_replace($val, '', $location);
}
}
}
if ( $is_IIS ) {
header("Refresh: 0;url=$location");