[wp-trac] [WordPress Trac] #36827: Regular expression in wp_guess_url() is slightly too permissive.
WordPress Trac
noreply at wordpress.org
Mon May 16 18:23:14 UTC 2016
#36827: Regular expression in wp_guess_url() is slightly too permissive.
------------------------------+------------------
Reporter: cfinke | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.6
Component: General | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch commit | Focuses:
------------------------------+------------------
Comment (by jrf):
Looking at the regex, I can see two more variants which would not be
caught:
{{{
http://mysite.com/wp-admin
http://mysite.com/wp-login.php?var=somevar
}}}
I've seen that last one sometimes when plugins try to secure a url.
Changing the regex to the below will fix that and catch both:
`'#/(wp-admin(?:$|/.*)|wp-login\.php.*)#i'`
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36827#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list