Better %0d/%0a sanitization for wp_redirect() from hakre. fixes #4819 for trunk

git-svn-id: https://develop.svn.wordpress.org/trunk@5990 602fd350-edb4-49c9-b593-d223f7449a82
2007-08-30 17:46:09 +00:00 · 2007-08-30 17:46:09 +00:00 · 00f5e9555d
parent 5bda3562a4
commit 00f5e9555d
1 changed files with 11 additions and 1 deletions
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -401,8 +401,18 @@ function wp_redirect($location, $status = 302) {
 	$location = preg_replace('|[^a-z0-9-~\+_\.\?#=&;,/:%]|i', '', $location);
 	$location = wp_kses_no_null($location);

+	// remove %0d and %0a from location
 	$strip = array('%0d', '%0a');
-	$location = str_replace($strip, '', $location);
+	$found = true;
+	while($found) {
+		$found = false;
+		foreach($strip as $val) {
+			while(strpos($location, $val) !== false) {
+				$found = true;
+				$location = str_replace($val, '', $location);
+			}
+		}
+	}

 	if ( $is_IIS ) {
 		header("Refresh: 0;url=$location");