From 00f5e9555d4e03e67faf9f61749a5e207dcded81 Mon Sep 17 00:00:00 2001
From: Mark Jaquith <markjaquith@git.wordpress.org>
Date: Thu, 30 Aug 2007 17:46:09 +0000
Subject: [PATCH] Better %0d/%0a sanitization for wp_redirect() from hakre. 
 fixes #4819 for trunk

git-svn-id: https://develop.svn.wordpress.org/trunk@5990 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/pluggable.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 82ad4ea606..e2c6a59c2b 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -401,8 +401,18 @@ function wp_redirect($location, $status = 302) {
 	$location = preg_replace('|[^a-z0-9-~\+_\.\?#=&;,/:%]|i', '', $location);
 	$location = wp_kses_no_null($location);
 
+	// remove %0d and %0a from location
 	$strip = array('%0d', '%0a');
-	$location = str_replace($strip, '', $location);
+	$found = true;
+	while($found) {
+		$found = false;
+		foreach($strip as $val) {
+			while(strpos($location, $val) !== false) {
+				$found = true;
+				$location = str_replace($val, '', $location);
+			}
+		}
+	}
 
 	if ( $is_IIS ) {
 		header("Refresh: 0;url=$location");