[wp-hackers] Re: [wp-svn]  trunk/wp-includes/pluggable.php:
Allow % so entities such as slashes don't break.
m at mullenweg.com
Fri Jun 30 02:20:44 GMT 2006
m at wordpress.org wrote:
> Allow % so entities such as slashes don't break.
> + $strip = array('%0d', '%0a');
> + $location = str_replace($strip, '', $location);
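Review bot: the str_replace() call on the second added line is case-sensitive and makes a single pass, so the uppercase forms %0D and %0A are not removed, and a string in which one escape sits inside the pieces of another can still contain %0d after the removal. Match case-insensitively and repeat the replacement until $location stops changing. Only the percent-encoded forms are handled in these two lines, so raw CR and LF bytes need to be covered elsewhere.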
Is this a comprehensive list of dangerous entities that can be encoded?
Might be best to take a whitelist approach here instead for a set of
encoded entities or a fixed range.
http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com
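One way to read the whitelist and fixed-range suggestion in the reply above, as an added example that is not part of the original message and is not WordPress code. The function name sanitize_redirect_location() and the exact set of allowed characters are assumptions made for illustration, and the sample inputs are constructed.

```php
<?php
// Added illustration. sanitize_redirect_location() is a hypothetical name,
// not a WordPress function; the allowed character set is an assumption.
function sanitize_redirect_location($location) {
    // Whitelist: keep only characters expected in a redirect target.
    // '%' stays in the set so percent-escapes such as %2F survive.
    // Raw CR, LF, spaces and other bytes outside the set are dropped.
    $location = preg_replace('|[^a-z0-9\-~+_.?#=&;,/:%!]|i', '', $location);

    // Fixed range: drop every %XX escape that decodes to a control byte
    // (0x00-0x1F or 0x7F), in either letter case. Repeat until the string
    // stops changing, because removing one escape can join the characters
    // around it into a new one.
    do {
        $before   = $location;
        $location = preg_replace('/%(?:[01][0-9a-f]|7f)/i', '', $location);
    } while ($location !== $before);

    return $location;
}

// Constructed sample inputs.
$samples = array(
    '/wp-admin/post.php?a=b%2Fc',   // ordinary escape, kept as is
    '/index.php%0D%0AX-Test: 1',    // uppercase escapes
    '/index.php%0%0dd%0a',          // escape that re-forms after one pass
    "/index.php\r\nX-Test: 1",      // raw CR and LF bytes
);
foreach ($samples as $s) {
    echo sanitize_redirect_location($s), "\n";
}
```

Checking a range of decoded byte values instead of listing individual escapes means a newly noticed control character does not require another entry in the strip list.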