Introduce _deep_replace() and use it to improve the stripping of percent encoded values from urls. Fixes #10226 for trunk.

git-svn-id: https://develop.svn.wordpress.org/trunk@11615 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2009-06-20 17:42:24 +00:00
parent d9953efdf3
commit e5dd9ecd88
3 changed files with 35 additions and 15 deletions
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -880,17 +880,8 @@ function wp_sanitize_redirect($location) {
 	$location = wp_kses_no_null($location);

 	// remove %0d and %0a from location
-	$strip = array('%0d', '%0a');
-	$found = true;
-	while($found) {
-		$found = false;
-		foreach( (array) $strip as $val ) {
-			while(strpos($location, $val) !== false) {
-				$found = true;
-				$location = str_replace($val, '', $location);
-			}
-		}
-	}
+	$strip = array('%0d', '%0a', '%0D', '%0A');
+	$location = _deep_replace($strip, $location);
 	return $location;
 }
 endif;