Ticket #5114 (closed enhancement: fixed)

Opened 9 months ago

Last modified 9 months ago

wp_safe_redirect() case sensitive for hostnames

Reported by: BoltClock
Assigned to: anonymous
Priority: normal
Milestone: 2.3.1
Component: General
Version: 2.3
Severity: normal
Keywords: has-patch needs-testing
Cc:

Description

For instance, when I enter a post password, no matter whether it was correct, I get redirected to my wp-admin folder instead of the form's page. I had set my hostname to contain uppercase letters as an experiment.

Exploring the source code made it apparent that the check in wp_safe_redirect() is case sensitive, i.e. hostname http://www.EXAMPLE.com does not match http://www.example.com.

Attachments

pluggable.php.diff (0.6 kB) - added by BoltClock on 09/30/07 10:30:34.
5114.2.diff (0.6 kB) - added by markjaquith on 10/10/07 19:18:18.
5114.3.diff (0.6 kB) - added by markjaquith on 10/10/07 19:22:32.

Change History

09/30/07 10:30:34 changed by BoltClock

  • attachment pluggable.php.diff added.

09/30/07 12:21:55 changed by BoltClock

  • type changed from defect to enhancement.

10/01/07 06:43:19 changed by BoltClock

  • keywords changed from dev-feedback to 2nd-opinion needs-testing.

10/01/07 10:53:48 changed by westi

  • keywords changed from 2nd-opinion needs-testing to has-patch needs-testing.

10/10/07 19:18:18 changed by markjaquith

  • attachment 5114.2.diff added.

10/10/07 19:19:27 changed by markjaquith

  • milestone changed from 2.3.1 to 2.4.

5114.2.diff adds a strtolower()'d version of the host into the allowed_hosts array. So you can match by being lowercase or by matching exactly. Milestone of 2.4 before 2.3.1.

10/10/07 19:22:32 changed by markjaquith

  • attachment 5114.3.diff added.

10/10/07 19:23:17 changed by markjaquith

5114.3.diff only does the strtolower() if the raw version doesn't match.

10/10/07 19:25:23 changed by markjaquith

  • status changed from new to closed.
  • resolution set to fixed.

(In [6219]) check for a match against a lowercase host in wp_safe_redirect(). props BoltClock. fixes #5114 for trunk

10/10/07 19:26:13 changed by markjaquith

  • status changed from closed to reopened.
  • resolution deleted.
  • milestone changed from 2.4 to 2.3.1.

10/10/07 19:26:21 changed by markjaquith

  • status changed from reopened to closed.
  • resolution set to fixed.

(In [6220]) check for a match against a lowercase host in wp_safe_redirect(). props BoltClock. fixes #5114 for 2.3.1
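
The host comparison discussed in this ticket, as an added example that is not WordPress code and not one of the attached patches: a redirect-target check with an exact, case-sensitive match beside one that tries the raw match first and falls back to a lowercase comparison. All function names, hosts and URLs are constructed, and it goes slightly beyond the patch described above by lowercasing both sides of the comparison.

```php
<?php
// Added example. Function names, hosts and URLs are constructed for illustration.

// Host of a redirect target: string, null for a relative URL, false to reject.
function example_redirect_host(string $location) {
    $parts = parse_url($location);
    if ($parts === false) {
        return false;                            // unparseable URL
    }
    if (isset($parts['scheme'])) {
        $ok = in_array(strtolower($parts['scheme']), array('http', 'https'), true);
        if (!$ok || !isset($parts['host'])) {
            return false;                        // non-web scheme, or scheme without a host
        }
    }
    return $parts['host'] ?? null;
}

// Behaviour reported in the ticket: exact, case-sensitive match.
function example_allowed_strict(string $location, array $allowed_hosts): bool {
    $host = example_redirect_host($location);
    return $host === null || ($host !== false && in_array($host, $allowed_hosts, true));
}

// Raw match first; lowercase both sides only if that fails.
function example_allowed(string $location, array $allowed_hosts): bool {
    if (example_allowed_strict($location, $allowed_hosts)) {
        return true;
    }
    $host = example_redirect_host($location);
    return is_string($host)
        && in_array(strtolower($host), array_map('strtolower', $allowed_hosts), true);
}

$allowed  = array('www.EXAMPLE.com');            // site host set with uppercase letters
$fallback = 'http://www.EXAMPLE.com/wp-admin/';  // where a rejected target is sent
$targets  = array(
    'http://www.EXAMPLE.com/?p=12',              // exact match
    'http://www.example.com/?p=12',              // same host, different case
    '/?p=12',                                    // relative, stays on the site
    'http://www.example.com.other.test/',        // different host, must be rejected
);
foreach ($targets as $t) {
    printf("%-40s strict: %-40s fixed: %s\n", $t,
        example_allowed_strict($t, $allowed) ? $t : $fallback,
        example_allowed($t, $allowed) ? $t : $fallback);
}
```

The lowercase comparison is still a whole-host match, so a host that merely starts with the allowed name goes to the fallback in both columns.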