Formatting: In `wp_validate_redirect()`, normalize the path when validating the location for relative URLs, to account for Windows paths.
Props peterwilsoncc, rconde, jmmathc, mat-lipe, Sixes, justinahinon, cmagrin, daxelrod, SergeyBiryukov. Fixes #47980. git-svn-id: https://develop.svn.wordpress.org/trunk@46472 602fd350-edb4-49c9-b593-d223f7449a82
parent
a9891c7109
commit
0c75758333
|
@ -1418,6 +1418,7 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
|
||||||
$path = '';
|
$path = '';
|
||||||
if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
|
if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
|
||||||
$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
|
$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
|
||||||
|
$path = wp_normalize_path( $path );
|
||||||
}
|
}
|
||||||
$location = '/' . ltrim( $path . '/', '/' ) . $location;
|
$location = '/' . ltrim( $path . '/', '/' ) . $location;
|
||||||
}
|
}
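Review bot: The added `$path = wp_normalize_path( $path );` has no comment explaining why a URL path is passed through a filesystem helper, and the reason matters here because wp_validate_redirect() is the check that decides whether a redirect target is acceptable. Going by the commit message, dirname() can hand back a backslash-separated value on Windows, which would otherwise be concatenated straight into `$location`. I would add above the call `// dirname() can return backslashes on Windows; keep them out of the redirect target.` Only `$path` is normalized in this hunk; the function body starts and ends outside it, so whether backslashes in the caller-supplied `$location` are handled elsewhere cannot be confirmed from here. The helper presumably also collapses repeated slashes in `$path`, which is worth a word in the same comment.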
|
||||||
|
|
|
@ -141,4 +141,79 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
|
||||||
array( 'http://user.pass@#example.com/' ),
|
array( 'http://user.pass@#example.com/' ),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ticket 47980
|
||||||
|
* @dataProvider relative_url_provider
|
||||||
|
*/
|
||||||
|
function test_wp_validate_redirect_relative_url( $current_uri, $url, $expected ) {
|
||||||
|
// Backup the global.
|
||||||
|
$unset = false;
|
||||||
|
if ( ! isset( $_SERVER['REQUEST_URI'] ) ) {
|
||||||
|
$unset = true;
|
||||||
|
} else {
|
||||||
|
$backup_request_uri = $_SERVER['REQUEST_URI'];
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set the global to current URI.
|
||||||
|
$_SERVER['REQUEST_URI'] = $current_uri;
|
||||||
|
|
||||||
|
$this->assertEquals( $expected, wp_validate_redirect( $url, false ) );
|
||||||
|
|
||||||
|
// Delete or reset the global as required.
|
||||||
|
if ( $unset ) {
|
||||||
|
unset( $_SERVER['REQUEST_URI'] );
|
||||||
|
} else {
|
||||||
|
$_SERVER['REQUEST_URI'] = $backup_request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Data provider for test_wp_validate_redirect_relative_url.
|
||||||
|
*
|
||||||
|
* @return array[] {
|
||||||
|
* string Current URI (i.e. path and query string only).
|
||||||
|
* string Redirect requested.
|
||||||
|
* string Expected destination.
|
||||||
|
* }
|
||||||
|
*/
|
||||||
|
function relative_url_provider() {
|
||||||
|
return array(
|
||||||
|
array(
|
||||||
|
'/',
|
||||||
|
'wp-login.php?loggedout=true',
|
||||||
|
'/wp-login.php?loggedout=true',
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'/src/',
|
||||||
|
'wp-login.php?loggedout=true',
|
||||||
|
'/src/wp-login.php?loggedout=true',
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'/wp-admin/settings.php?page=my-plugin',
|
||||||
|
'./settings.php?page=my-plugin',
|
||||||
|
'/wp-admin/./settings.php?page=my-plugin',
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'/wp-admin/settings.php?page=my-plugin',
|
||||||
|
'/wp-login.php',
|
||||||
|
'/wp-login.php',
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'/wp-admin/settings.php?page=my-plugin',
|
||||||
|
'../wp-admin/admin.php?page=my-plugin',
|
||||||
|
'/wp-admin/../wp-admin/admin.php?page=my-plugin',
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'/2019/10/13/my-post',
|
||||||
|
'../../',
|
||||||
|
'/2019/10/13/../../',
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'/2019/10/13/my-post',
|
||||||
|
'/',
|
||||||
|
'/',
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
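Review bot: None of the seven rows in `relative_url_provider()` contains a backslash, so on a runner where dirname() already returns forward slashes these cases appear to pass with or without the new `wp_normalize_path()` call. The regression for #47980 is then only pinned when the suite runs on Windows. A row with a backslash in the directory part of the current URI, for example `array( '/wp-admin\\sub/page.php', 'wp-login.php', '/wp-admin/sub/wp-login.php' ),`, should fail without the fix on any platform, if I read dirname() correctly. Separately, the `$_SERVER['REQUEST_URI']` restore in `test_wp_validate_redirect_relative_url()` sits after `assertEquals()`, so a failing assertion leaves the modified global in place for later tests. Moving the restore into a `finally` block or `tearDown()` would avoid that.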
|
||||||
|
|