sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Strip control characters before validating redirect. 

git-svn-id: https://develop.svn.wordpress.org/trunk@40183 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Aaron D. Campbell 2017-03-06 13:37:43 +00:00
parent 47c966dffc
commit ec30770c50
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/pluggable.php
View File

@ -1293,7 +1293,7 @@ if ( !function_exists('wp_validate_redirect') ) :
* @return string redirect-sanitized URL * @return string redirect-sanitized URL
**/ **/
function wp_validate_redirect($location, $default = '') { function wp_validate_redirect($location, $default = '') {
$location = trim( $location ); $location = trim( $location, " \t\n\r\0\x08\x0B" );
// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//' // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
if ( substr($location, 0, 2) == '//' ) if ( substr($location, 0, 2) == '//' )
$location = 'http:' . $location; $location = 'http:' . $location;

6
tests/phpunit/tests/formatting/redirect.php
View File

@ -59,6 +59,8 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
array( 'http://user@example.com/', 'http://user@example.com/' ), array( 'http://user@example.com/', 'http://user@example.com/' ),
array( 'http://user:@example.com/', 'http://user:@example.com/' ), array( 'http://user:@example.com/', 'http://user:@example.com/' ),
array( 'http://user:pass@example.com/', 'http://user:pass@example.com/' ), array( 'http://user:pass@example.com/', 'http://user:pass@example.com/' ),
array( " \t\n\r\0\x08\x0Bhttp://example.com", 'http://example.com' ),
array( " \t\n\r\0\x08\x0B//example.com", 'http://example.com' ),
); );
} }
@ -71,6 +73,10 @@ class Tests_Formatting_Redirect extends WP_UnitTestCase {
// non-safelisted domain // non-safelisted domain
array( 'http://non-safelisted.example/' ), array( 'http://non-safelisted.example/' ),
// non-safelisted domain (leading whitespace)
array( " \t\n\r\0\x08\x0Bhttp://non-safelisted.example.com" ),
array( " \t\n\r\0\x08\x0B//non-safelisted.example.com" ),
// unsupported schemes // unsupported schemes
array( 'data:text/plain;charset=utf-8,Hello%20World!' ), array( 'data:text/plain;charset=utf-8,Hello%20World!' ),
array( 'file:///etc/passwd' ), array( 'file:///etc/passwd' ),