[wp-hackers] Bug in wp_sanitize_redirect() on IIS ???
peter.westwood at ftwr.co.uk
Wed Sep 26 15:03:10 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Callum Macdonald wrote:
> I haven't experienced this personally, but some users of my WP Mail
> SMTP plugin have reported that the Options page redirection doesn't
> work properly under IIS. It seems to work fine on LAMP.
> After clicking "Update Options" the options page redirects to this url:
> It seems the % is being stripped from the / in the URL. The correct url is:
> It seems that this is being stripped out in the
> wp_sanitize_redirect() function. I can't figure out why it's being
> re-introduced under Apache though. As far as I can tell the code strips
> out the % but doesn't add it back anywhere before redirecting.
> Anyone got any ideas?
Firstly, the preg_replace character class in wp_santize_redirect starts
with a ^ and is therefore negated - we allow % in those urls so that
should not be stripping it out I believe.
Could it be an issue with the parse_url call in wp_safe_redirect?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the wp-hackers