[wp-trac] [WordPress Trac] #29170: Support IDNA(Internationalized Domain Names for Applications, RFC 5890 and 5891)
WordPress Trac
noreply at wordpress.org
Sun Aug 10 15:11:15 UTC 2014
#29170: Support IDNA(Internationalized Domain Names for Applications, RFC 5890 and
5891)
------------------------------------+-----------------------------
Reporter: extendwings | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: trunk
Severity: normal | Keywords:
Focuses: administration |
------------------------------------+-----------------------------
If WordPress is installed on IDN(Internationalized Domain Name)
environment, we couldn't login to WordPress dashboard easily.
=== Reproduce ===
I set up the site to reproduce.
1. Visit [http://xn--idn-7k4bocn.xn--q9jyb4c/wp-login.php http://idnテスト
.みんな/wp-login.php]
1. Enter the following information and login.
1. You may redirected to http://idn./wp-admin
* User: wporg-test
* Password: NQhA@*c&
This account for test will expired next month automatically.
=== Cause ===
wp_sanitize_redirect() calls `preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i',
'', $location)`, this works in most cases.
But if user entered IDN at wp-admin/options-general.php '''without'''
converting to Punycode, UTF-8(precisely, non-ASCII) characters will be
removed by preg_replace.
Ex) http://idnテスト.みんな/ -> http://idn./
=== Solution ===
Convert URL to Punycode before sanitizing. I chose ''PEAR Net_IDNA2'',
licensed under LGPL.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29170>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list