[wp-trac] [WordPress Trac] #10226: Sanitization bypass in clean_url and wp_sanitise redirect

WordPress Trac wp-trac at lists.automattic.com
Sat Jun 20 17:30:44 GMT 2009


#10226: Sanitization bypass in clean_url and wp_sanitise redirect
--------------------------+-------------------------------------------------
 Reporter:  westi         |       Owner:  westi
     Type:  defect (bug)  |      Status:  new  
 Priority:  normal        |   Milestone:  2.8.1
Component:  Security      |     Version:  2.8  
 Severity:  normal        |    Keywords:       
--------------------------+-------------------------------------------------
 Following on from #4819, while writing unit tests for clean_url I noticed
 an issue with the way in which it removes %0d and %0a from urls.

 It expects the miscreant to have been nice and used lower case letters so
 %0D and %0A just slip straight through.

 This also affects wp_safe_redirect and clean_url can currently be bypassed
 in the same way that wp_safe_redirect could before #4819 is fixed.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10226>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list