vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 14:20:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

General: Correct path replacement regex in wp_guess_url.

Browse Source 
In `wp_guess_url`, the regex to check for wp-login.php in the URL is slightly too permissive, not escaping `.` in "wp-login.php".  `.` is a token in regex that matches any character.

This change simply escapes the `.` and adds unit test coverage for `wp_guess_url`.

Props cfinke, ocean90, jrf, voldemortensen, jdgrimes, curdin, netweb, petitphp, SergeyBiryukov, costdev.
Fixes #36827.

git-svn-id: https://develop.svn.wordpress.org/trunk@54146 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
David Baumwald
2022-09-13 19:48:45 +00:00
parent 9bde2e9f26
commit 7b9d4cf54a
2 changed files with 39 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/functions.php
View File

@@ -6033,7 +6033,7 @@ function wp_guess_url() {
// The request is for the admin.
if ( strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) !== false || strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) !== false ) {
$path = preg_replace( '#/(wp-admin/.*|wp-login.php)#i', '', $_SERVER['REQUEST_URI'] );
$path = preg_replace( '#/(wp-admin/?.*|wp-login\.php.*)#i', '', $_SERVER['REQUEST_URI'] );
// The request is for a file in ABSPATH.
} elseif ( $script_filename_dir . '/' === $abspath_fix ) {