Changeset 5990

Timestamp:
08/30/07 17:46:09 (1 year ago)
Author:
markjaquith
Message:

Better %0d/%0a sanitization for wp_redirect() from hakre. fixes #4819 for trunk

Files:

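--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -402,6 +402,16 @@
     $location = wp_kses_no_null($location);
 
+    // remove %0d and %0a from location
     $strip = array('%0d', '%0a');
-    $location = str_replace($strip, '', $location);
+    $found = true;
+    while($found) {
+        $found = false;
+        foreach($strip as $val) {
+            while(strpos($location, $val) !== false) {
+                $found = true;
+                $location = str_replace($val, '', $location);
+            }
+        }
+    }
 
     if ( $is_IIS ) {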
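Review bot: The `$strip` list holds only the lowercase forms `'%0d'` and `'%0a'`, and both `strpos()` and `str_replace()` compare case-sensitively, so the uppercase encodings `%0D` and `%0A` pass through this loop unchanged even though percent-encoded hex digits are case-insensitive. Extending the list closes that gap: `$strip = array('%0d', '%0a', '%0D', '%0A');`. The repeat-until-stable loop is the right shape, and a short comment such as `// repeat until no sequence remains, since a removal can join fragments into a new one` would explain why a single `str_replace()` was not enough. The enclosing function starts and ends outside the hunk, so whether raw CR/LF bytes are filtered earlier cannot be confirmed from here.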