[wp-trac] [WordPress Trac] #36998: wp_sanitize_redirect() strips spaces out of URLs instead of encoding them

WordPress Trac noreply at wordpress.org
Mon Aug 5 15:25:38 UTC 2019


#36998: wp_sanitize_redirect() strips spaces out of URLs instead of encoding them
--------------------------+---------------------
 Reporter:  hlashbrooke   |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:
Component:  Formatting    |     Version:
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:
--------------------------+---------------------
Changes (by donmhico):

 * keywords:  needs-patch needs-unit-tests => has-patch


Comment:

 Please ignore my first patch, it was weird. The latest patch was the
 correct one
 [https://core.trac.wordpress.org/attachment/ticket/36998/36998.1.diff
 36998.1.diff].

 Basically, I just replace the whitespace with %20 at the top before the
 `$location` is passed to the other functions.

 {{{#!php
 $location = str_replace( ' ', '%20', $location );
 }}}

 I don't see any problem with this solution, and as @dd32 mentioned in
 comment 2, encoding such components is a sane thing to do as long as
 there's no security risk. And I think that encoding whitespaces to %20 is
 better than just stripping it out. Typing a URL with whitespaces in the
 browser will convert the whitespaces to %20 as well, so I think there's no
 issue simulating the same behaviour in `wp_sanitize_redirect()`.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/36998#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
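
An added illustration, not part of the original message and not WordPress core code: a simplified model of a redirect sanitizer, showing that encoding spaces before the allowlist filter keeps the URL intact while raw and encoded CR/LF are still removed. The function name `model_sanitize_redirect`, its allowlist and the sample URLs are assumptions constructed for this example.

```php
<?php
// Simplified model of a redirect sanitizer, written for this example.
// It is NOT WordPress core code; the allowlist below is an assumption.

function model_sanitize_redirect( string $location, bool $encode_spaces ): string {
	if ( $encode_spaces ) {
		// The step proposed in the comment above: encode before filtering.
		$location = str_replace( ' ', '%20', $location );
	}

	// Drop every character outside an allowlist of URL characters.
	// A literal space is not on the list, so without the step above it vanishes.
	// Raw CR and LF are not on the list either, so they are always dropped.
	$location = preg_replace( '|[^a-z0-9\-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location );

	// Remove encoded CR/LF repeatedly so nested forms such as "%0%0dd"
	// cannot reassemble into "%0d" after a single pass.
	$strip = array( '%0d', '%0a' );
	do {
		$before   = $location;
		$location = str_ireplace( $strip, '', $location );
	} while ( $location !== $before );

	return $location;
}

// Constructed sample inputs.
$samples = array(
	'https://example.com/my file.pdf?title=annual report',
	"https://example.com/a b\r\nX-Injected: 1",
	'https://example.com/a%0%0dd%0ab c',
);

foreach ( $samples as $url ) {
	printf( "input:   %s\n", addcslashes( $url, "\r\n" ) );
	printf( "strip:   %s\n", model_sanitize_redirect( $url, false ) );
	printf( "encode:  %s\n\n", model_sanitize_redirect( $url, true ) );
}
```

In both modes the second and third samples come out as a single line with no CR/LF, raw or encoded; the only difference the extra step makes is that spaces survive as `%20` instead of being dropped.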

