sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Strip control characters before validating redirect. 

Merges [40183] to 4.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40184 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Aaron D. Campbell 2017-03-06 13:39:33 +00:00
parent a0902e8a13
commit 742d7e6663
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/pluggable.php
View File

@ -1283,7 +1283,7 @@ if ( !function_exists('wp_validate_redirect') ) :
* @return string redirect-sanitized URL
**/
function wp_validate_redirect($location, $default = '') {
$location = trim( $location );
$location = trim( $location, " \t\n\r\0\x08\x0B" );
// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
if ( substr($location, 0, 2) == '//' )
$location = 'http:' . $location;

6
tests/phpunit/tests/formatting/redirect.php
View File

@ -59,6 +59,8 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
array( 'http://user@example.com/', 'http://user@example.com/' ),
array( 'http://user:@example.com/', 'http://user:@example.com/' ),
array( 'http://user:pass@example.com/', 'http://user:pass@example.com/' ),
array( " \t\n\r\0\x08\x0Bhttp://example.com", 'http://example.com' ),
array( " \t\n\r\0\x08\x0B//example.com", 'http://example.com' ),
);
}
@ -71,6 +73,10 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
// non-safelisted domain
array( 'http://non-safelisted.example/' ),
// non-safelisted domain (leading whitespace)
array( " \t\n\r\0\x08\x0Bhttp://non-safelisted.example.com" ),
array( " \t\n\r\0\x08\x0B//non-safelisted.example.com" ),
// unsupported schemes
array( 'data:text/plain;charset=utf-8,Hello%20World!' ),
array( 'file:///etc/passwd' ),