mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-01-17 04:48:25 +01:00
Code Issues Actions 98 Packages Projects Releases Wiki Activity

Strip control characters before validating redirect.

Browse Source 
Merges [40183] to 4.3 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.3@40188 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Aaron D. Campbell 2017-03-06 13:42:01 +00:00
parent 55663f87f7
commit 29c97cb0bc
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/pluggable.php
View File

@ -1300,7 +1300,7 @@ if ( !function_exists('wp_validate_redirect') ) :
* @return string redirect-sanitized URL
**/
function wp_validate_redirect($location, $default = '') {
$location = trim( $location );
$location = trim( $location, " \t\n\r\0\x08\x0B" );
// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
if ( substr($location, 0, 2) == '//' )
$location = 'http:' . $location;

6
tests/phpunit/tests/formatting/redirect.php
View File

@ -58,6 +58,8 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
array( 'http://user@example.com/', 'http://user@example.com/' ),
array( 'http://user:@example.com/', 'http://user:@example.com/' ),
array( 'http://user:pass@example.com/', 'http://user:pass@example.com/' ),
array( " \t\n\r\0\x08\x0Bhttp://example.com", 'http://example.com' ),
array( " \t\n\r\0\x08\x0B//example.com", 'http://example.com' ),
);
}
@ -70,6 +72,10 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
// non-safelisted domain
array( 'http://non-safelisted.example/' ),
// non-safelisted domain (leading whitespace)
array( " \t\n\r\0\x08\x0Bhttp://non-safelisted.example.com" ),
array( " \t\n\r\0\x08\x0B//non-safelisted.example.com" ),
// unsupported schemes
array( 'data:text/plain;charset=utf-8,Hello%20World!' ),
array( 'file:///etc/passwd' ),