[wp-trac] [WordPress Trac] #28362: Asterisk (*) characters are incorrectly removed in wp_sanitize_redirect
WordPress Trac
noreply at wordpress.org
Mon May 26 10:43:53 UTC 2014
#28362: Asterisk (*) characters are incorrectly removed in wp_sanitize_redirect
--------------------------+--------------------
Reporter: jkohlbach | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.0
Component: Formatting | Version: 2.0.4
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+--------------------
Changes (by SergeyBiryukov):
* keywords: => has-patch
* version: 3.9.1 => 2.0.4
* milestone: Awaiting Review => 4.0
Old description:
> According to the URI spec under section 2.3 Unreserved Characters
> (http://www.ietf.org/rfc/rfc2396.txt) the asterisk character (*) is
> allowed in URIs but wp_sanitize_redirect strips them out.
>
> This means the user is sent to the wrong URL when using wp_redirect
> or wp_safe_redirect.
>
> To reproduce, open wp-includes/pluggable.php and drop in some debug in
> the wp_redirect function:
> echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
> $location = wp_sanitize_redirect($location);
> echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
> die();
>
> Then just use wp_redirect('http://google.com/test=12345*abcdef', 301);
> and you'll see the * is being stripped incorrectly.
New description:
According to the URI spec under section 2.3 Unreserved Characters
(http://www.ietf.org/rfc/rfc2396.txt) the asterisk character (*) is
allowed in URIs but wp_sanitize_redirect strips them out.
This means the user is sent to the wrong URL when using wp_redirect
or wp_safe_redirect.
To reproduce, open wp-includes/pluggable.php and drop in some debug in the
wp_redirect function:
{{{
echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
$location = wp_sanitize_redirect($location);
echo '<pre>DEBUG: ' . print_r($location, true) . '</pre>';
die();
}}}
Then just use `wp_redirect('http://google.com/test=12345*abcdef', 301);`
and you'll see the * is being stripped incorrectly.
--
Comment:
Related: [3926], [3939], [11147].
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28362#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
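Added example (not WordPress core code and not part of the ticket): a stand-in for a whitelist-style redirect sanitizer in the spirit of wp_sanitize_redirect(), shown once with a character class that lacks `*` (reproducing the defect on the ticket's URL) and once with the remaining RFC 2396 "mark" characters added. The character classes are assumptions modelled on the approach, not a verbatim copy of pluggable.php; the CR/LF handling is there to show that adding `*` does not loosen the part of the function that keeps encoded line breaks out of the Location header.

```php
<?php
// Example code added to this ticket page; not WordPress core's implementation.
// Assumed character classes: a whitelist that drops anything outside it.

function strip_encoded_crlf( $location ) {
    // Percent-encoded CR/LF must never reach a Location: header (header
    // injection). Repeat until nothing changes so that nested sequences such
    // as "%0%0dd" (constructed) cannot re-form a "%0d" after one pass.
    $strip = array( '%0d', '%0a', '%0D', '%0A' );
    do {
        $before   = $location;
        $location = str_replace( $strip, '', $location );
    } while ( $before !== $location );
    return $location;
}

function sanitize_redirect_without_asterisk( $location ) {
    // Assumed whitelist that omits '*': this is the behaviour the ticket reports.
    $location = preg_replace( '|[^a-z0-9\-~+_.?#=&;,/:%!]|i', '', $location );
    return strip_encoded_crlf( $location );
}

function sanitize_redirect_rfc2396_unreserved( $location ) {
    // Same whitelist plus the RFC 2396 section 2.3 mark characters that were
    // missing: * ' ( ). Everything else, including raw control characters,
    // is still dropped, and encoded CR/LF is still removed afterwards.
    $location = preg_replace( "|[^a-z0-9\-~+_.?#=&;,/:%!*'()]|i", '', $location );
    return strip_encoded_crlf( $location );
}

// Constructed inputs: the ticket's URL, an encoded CRLF attempt, and a
// nested encoding that only a repeated replace removes completely.
$cases = array(
    'http://google.com/test=12345*abcdef',
    'http://example.com/?q=a*b%0d%0aX-Injected:1',
    'http://example.com/?q=%0%0dd',
);

foreach ( $cases as $url ) {
    printf(
        "input            : %s\nwithout asterisk : %s\nrfc2396 unreserved: %s\n\n",
        $url,
        sanitize_redirect_without_asterisk( $url ),
        sanitize_redirect_rfc2396_unreserved( $url )
    );
}
```

Running this from the CLI shows the first sanitizer losing the `*` in the ticket's URL while the second keeps it, and both variants removing the encoded line breaks in the second and third inputs, which is the property to re-check whenever the whitelist is widened.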