
Any single quotes, at least, in `$_SERVER['REQUEST_URI']` are slashed…

…, unslash them before matching

This means you can redirect from a URL like http://example.com/because-he's-worth-it/ to the WordPress escaped version which would be http://example.com/because-he%27s-worth-it/
1 parent 24e7900 commit 809c565e4e63d53be86c4aac7ec4c8edc6bda3d1 @simonwheatley committed Nov 13, 2012
Showing with 1 addition and 0 deletions.
  1. +1 −0 safe-redirect-manager.php
@@ -714,6 +714,7 @@ public function action_parse_request() {
// get requested path and add a / before it
$requested_path = sanitize_text_field( $_SERVER['REQUEST_URI'] );
+ $requested_path = stripslashes( $requested_path );
/**
* If WordPress resides in a directory that is not the public root, we have to chop
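Review bot: the added `stripslashes()` call runs after `sanitize_text_field()`, so the sanitizer still operates on the slashed value and only the matching code sees the unslashed one. Unslash first and sanitize the result, for example `$requested_path = sanitize_text_field( stripslashes( $_SERVER['REQUEST_URI'] ) );`, so both steps work on the same string. The new line also has no comment explaining why it is needed; a one-line note that quotes in `$_SERVER['REQUEST_URI']` arrive slashed (as the commit message says) would keep a later cleanup from dropping it as redundant.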
