From 0c75758333dea85c9efd66f019ca9e3b632b32b5 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov
Date: Mon, 14 Oct 2019 10:50:41 +0000
Subject: [PATCH] Formatting: In `wp_validate_redirect()`, normalize the path when validating the location for relative URLs, to account for Windows paths.

Props peterwilsoncc, rconde, jmmathc, mat-lipe, Sixes, justinahinon, cmagrin, daxelrod, SergeyBiryukov.
Fixes #47980.

git-svn-id: https://develop.svn.wordpress.org/trunk@46472 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/pluggable.php | 1 +
 tests/phpunit/tests/formatting/redirect.php | 75 +++++++++++++++++++++
 2 files changed, 76 insertions(+)

diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index 468e065586..206761aaef 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1418,6 +1418,7 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
 $path = '';
 if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
 $path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
+ $path = wp_normalize_path( $path );
 }
 $location = '/' . ltrim( $path . '/', '/' ) . $location;
 }
diff --git a/tests/phpunit/tests/formatting/redirect.php b/tests/phpunit/tests/formatting/redirect.php
index 493dae4a1c..df69d8470f 100644
--- a/tests/phpunit/tests/formatting/redirect.php
+++ b/tests/phpunit/tests/formatting/redirect.php
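Review bot: The added `wp_normalize_path( $path )` call needs a why-comment, because it applies a filesystem-path helper to a URL path and the reason (Windows `dirname()` returning a backslash for a top-level path, per the commit message) is not visible at this line; something like `// dirname() can return a backslash on Windows; normalize so the relative location stays a URL path.` would carry it. As far as I recall wp_normalize_path() also collapses repeated slashes, which is harmless here only because the `ltrim( $path . '/', '/' )` on the following line already strips leading slashes, so the comment should tie those two lines together before a later refactor separates them. The enclosing wp_validate_redirect() begins and ends outside the hunk, so whatever host validation the assembled `$location` goes through afterwards is not visible here and this note does not assess it.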
@@ -141,4 +141,79 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
 array( 'http://user.pass@#example.com/' ),
 );
 }
+
+ /**
+ * @ticket 47980
+ * @dataProvider relative_url_provider
+ */
+ function test_wp_validate_redirect_relative_url( $current_uri, $url, $expected ) {
+ // Backup the global.
+ $unset = false;
+ if ( ! isset( $_SERVER['REQUEST_URI'] ) ) {
+ $unset = true;
+ } else {
+ $backup_request_uri = $_SERVER['REQUEST_URI'];
+ }
+
+ // Set the global to current URI.
+ $_SERVER['REQUEST_URI'] = $current_uri;
+
+ $this->assertEquals( $expected, wp_validate_redirect( $url, false ) );
+
+ // Delete or reset the global as required.
+ if ( $unset ) {
+ unset( $_SERVER['REQUEST_URI'] );
+ } else {
+ $_SERVER['REQUEST_URI'] = $backup_request_uri;
+ }
+ }
+
+ /**
+ * Data provider for test_wp_validate_redirect_relative_url.
+ *
+ * @return array[] {
+ * string Current URI (i.e. path and query string only).
+ * string Redirect requested.
+ * string Expected destination.
+ * }
+ */
+ function relative_url_provider() {
+ return array(
+ array(
+ '/',
+ 'wp-login.php?loggedout=true',
+ '/wp-login.php?loggedout=true',
+ ),
+ array(
+ '/src/',
+ 'wp-login.php?loggedout=true',
+ '/src/wp-login.php?loggedout=true',
+ ),
+ array(
+ '/wp-admin/settings.php?page=my-plugin',
+ './settings.php?page=my-plugin',
+ '/wp-admin/./settings.php?page=my-plugin',
+ ),
+ array(
+ '/wp-admin/settings.php?page=my-plugin',
+ '/wp-login.php',
+ '/wp-login.php',
+ ),
+ array(
+ '/wp-admin/settings.php?page=my-plugin',
+ '../wp-admin/admin.php?page=my-plugin',
+ '/wp-admin/../wp-admin/admin.php?page=my-plugin',
+ ),
+ array(
+ '/2019/10/13/my-post',
+ '../../',
+ '/2019/10/13/../../',
+ ),
+ array(
+ '/2019/10/13/my-post',
+ '/',
+ '/',
+ ),
+ );
+ }
 }
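Review bot: In test_wp_validate_redirect_relative_url the restore of `$_SERVER['REQUEST_URI']` after the assertion is skipped whenever the assertion fails, because an assertion failure throws past the cleanup block and the mutated global then leaks into every later test in the same process. Wrapping the assertion in try/finally (supported on the PHP versions this suite targets, as far as I can tell) makes the cleanup unconditional; moving the backup/restore into setUp()/tearDown() would do the same. While touching it, `assertSame` is the better assertion for string results, since `assertEquals` also accepts loosely-equal values. The data provider only uses forward-slash paths, so on a POSIX CI none of these cases reach the Windows `dirname()` behaviour the commit message describes; the docblock could state that the provider documents the expected output shape rather than the Windows fix itself.
```php
		// … unchanged: backup of the global into $unset / $backup_request_uri …

		// Set the global to current URI.
		$_SERVER['REQUEST_URI'] = $current_uri;

		try {
			$this->assertSame( $expected, wp_validate_redirect( $url, false ) );
		} finally {
			// Delete or reset the global as required, even when the assertion fails.
			if ( $unset ) {
				unset( $_SERVER['REQUEST_URI'] );
			} else {
				$_SERVER['REQUEST_URI'] = $backup_request_uri;
			}
		}
```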