[wp-trac] Re: [WordPress Trac] #2858: Problem with wp_get_referer()
WordPress Trac
wp-trac at lists.automattic.com
Sun Jun 25 07:44:07 GMT 2006
#2858: Problem with wp_get_referer()
----------------------------+-----------------------------------------------
 Reporter:  tereshchenko    |        Owner:  anonymous
     Type:  defect          |       Status:  reopened
 Priority:  normal          |    Milestone:  2.0.4
Component:  Administration  |      Version:  2.0.4
 Severity:  normal          |   Resolution:
 Keywords:                  |
----------------------------+-----------------------------------------------
Comment (by matt):
Our approach in another part of the code is a whitelist of characters,
which I believe is the safest approach as we never know what sort of weird
Unicode character + browser bug could make this an issue in the future.
This is the code we have in wp-login; I assume it is a comprehensive regex
and I see no reason we shouldn't apply it to all places we send Location
headers:
{{{
$redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_REQUEST['redirect_to']);
}}}
--
Ticket URL: <http://trac.wordpress.org/ticket/2858>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
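
The character whitelist quoted in the comment above, run over a few constructed inputs to show what it removes from a value bound for a Location header. This is an added example, not WordPress code or part of the original message; it assumes PHP 7 or later, and `filter_location_value()` is a hypothetical name.

```php
<?php
// Added example, not WordPress code. filter_location_value() is a
// hypothetical helper; the pattern is the one quoted from wp-login above.
function filter_location_value(string $value): string
{
    // Keep only whitelisted characters. Everything else is dropped,
    // including CR, LF, NUL, spaces, '%' and every byte of a multi-byte
    // UTF-8 sequence (the pattern runs without the /u modifier).
    return preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $value) ?? '';
}

// Constructed sample inputs.
$samples = [
    'plain admin path'      => 'wp-admin/post.php?action=edit&post=12',
    'CR/LF in value'        => "wp-admin/\r\nX-Test: 1",
    'NUL byte'              => "wp-admin/\0index.php",
    'non-ASCII characters'  => "wp-admin/\u{202E}edit.php?s=caf\u{00E9}",
    'percent-encoded query' => 'wp-admin/edit.php?s=a%20b',
    'absolute URL'          => 'http://example.invalid/wp-admin/',
];

foreach ($samples as $label => $raw) {
    $clean = filter_location_value($raw);
    printf("%-23s %s\n", $label . ':', $clean);

    // With control characters gone, the value cannot terminate the
    // Location header line and start a new header.
    if (preg_match('/[\x00-\x1F]/', $clean)) {
        throw new RuntimeException("control character survived: $label");
    }
}
```

The pattern has no `%`, so percent-encoded values lose their encoding marker, and it allows `:` and `/`, so an absolute URL passes through unchanged: the whitelist constrains which characters reach the header, not which host the redirect points to.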