[wp-trac] [WordPress Trac] #36827: Regular expression in wp_guess_url() is slightly too permissive.
WordPress Trac
noreply at wordpress.org
Mon May 16 22:54:08 UTC 2016
#36827: Regular expression in wp_guess_url() is slightly too permissive.
----------------------------------------+------------------
Reporter: cfinke | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.6
Component: General | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+------------------
Comment (by voldemortensen):
Replying to [comment:5 jrf]:
> Looking at the regex, I can see two more variants which would not be
caught:
>
> {{{
> http://mysite.com/wp-admin
> http://mysite.com/wp-login.php?var=somevar
> }}}
>
> I've seen that last one sometimes when plugins try to secure a url.
>
> Changing the regex to the below will fix that and catch both:
> `'#/(wp-admin(?:$|/.*)|wp-login\.php.*)#i'`
In the case of {{{http://mysite.com/wp-login.php?var=somevar}}} it will
still remove {{{wp-login.php}}} and return
{{{http://mysite.com?var=somevar}}}. We may need to keep that behavior for
back-compat (although I'm not aware of anything that depends on this).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36827#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list