wp_sanitize_redirect strips out @ signs (even from parameters) — why?

Question why does wp_sanitize_redirect strip out @ signs, exactly? Anybody could anyway try to load a url with an @ sign in it – is there some security issue I’m not thinking about?

Just take a look at the source:

function wp_sanitize_redirect($location) {
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
    $location = wp_kses_no_null($location);

    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

So the only characters, the preg_replace allows are

  • lower case a-z
  • numbers
  • and ~+_.?#=&;,/:%!.

What does that mean for URIs and URLs?

The php function urlencode() replaces all no alpha-numeric chararcters, except -_. with a % (percent) character followed by two hexdecimal values and spaces with a +. If you use rawurlencode(), it also strips the +. As you can see from the preg_replace(), it allows all URL encoded/prepared characters, so it’s safe to throw such encoded characters/URL parts into the game.

Related Posts:

  1. NextGEN Gallery Lightbox – Social Share URL Redirect
  2. WordPress redirects non-existing url to existing ones – how to disable
  3. My WP_options db rewrite_rules Does Not Work
  4. Can I change default registration link (without htaccess)?
  5. Redirect HTTP to HTTPS for all sub domains (blog posts)
  6. How to remove trailing slash from root WordPress folder?
  7. Rewrites: .htaccess or wp_rewrite for bulk 301 changes?
  8. WordPress rewrite front page url
  9. URL rewrite before template_redirect called
  10. Use Parent Pages for URL Structure without Landing Page
  11. Redirect if string found in URL
  12. How to make custom WordPress page deliver search results
  13. How do you create a “virtual” page in WordPress
  14. Multiple endpoints to same page
  15. Preserving $_GET parameter while using custom Rewrite Rule
  16. Handle category name URL rewrite before different post type slugs
  17. Taxonomy rewrite question
  18. Rewrite rules in .htaccess get overwritten?
  19. Getting add_rewrite_rule and add_rewrite_tag to work
  20. Why did installing wordpress in url root jack up underlying WP sites?
  21. How do I create a dynamic page?
  22. Dynamic URL, not a physical page within the database
  23. Passing & Reading URL Parameters with URL re-writing
  24. WP Rewrite the last two parts of the URL
  25. Change default URL of image attachment
  26. Rewrite URL to remap WordPress Permalink
  27. WordPress redirection to get url friendly
  28. Access $_POST data after redirect
  29. Change Query String to pretty permalink
  30. How to add a custom redirect rule for subdomains?
  31. rewrite rules for custom post-type with a custom taxonomy
  32. Remove special characters in a URL
  33. append url parameters to all links
  34. Load a template page based on part of slug in wordpress
  35. Alias ‘wp-content’ directory to something shorter (framework?)
  36. open all .docs in word online
  37. url rewrite parsing a custom url parameter not working
  38. How to add custom variable in url without redirect?
  39. Using category slug in add_rewrite rule
  40. Pass a comment id through url and append the comment post’s slug in the url
  41. How to change the main site url on a multisite installation (network)?
  42. add_rewrite_rule ignoring other params than the “p” param
  43. optimize wordpress rewrite rule regex
  44. How to catch Rewrite rules then display a specific post?
  45. Load an url with minimal/no DB queries
  46. Login page is redirecting to homepage
  47. .htaccess rewrite
  48. Auto generate rewrite rules for multiple taxonomies
  49. Generating a Rewrite Rule for sSecific Post-Requests from a Submitted Form?
  50. Rewrite URLs – Custom Post Type – Post Slug, Taxonamy Slug
  51. URL Rewriting for PHP script on an image URL
  52. rewrite url for authors
  53. How to redirect specific URL to Subdomain
  54. How to rewrite wordpress urls with index.php in them
  55. Rewrite query string to path
  56. map multiple URLs to display home page without changing URL displayed in browser’s location bar
  57. WordPress Autocorrect URL / Slugs Does Not Work
  58. Rewrite API -Adding a parameter before the slug
  59. Rewrite URL based on home_url
  60. IIRF + IIS 6 + WordPress does not return 404 error
  61. Rewrite vs Redirect from ?p={ID}
  62. Is it possible to set the same base for categories and tags?
  63. Adding a rewrite rule to page that has no fixed variables and pagination
  64. How do I Redirect a WordPress Page?
  65. Integer based rewrite isn’t recognized for value of 1
  66. Re-directing URLs with dates to URLs without dates
  67. Having WordPress control only certain pages with .htaccess?
  68. wordpress url correction
  69. My bbPress rewrite rules aren’t working
  70. add_rewrite_tag works for some parameters but does not for others
  71. Rewrite specific action url
  72. Using URL rewrite to add custom URL for custom post type
  73. 301 Rewriting htaccess
  74. Using page as front page, why does /page/### work?
  75. Rewrite rule shows 404 page
  76. How to transform multiple parameter URL to clean URL
  77. Exclude subfolder in WordPress permalink
  78. wordpress path generation from rewrite rule
  79. WordPress pagination broken for page 2,3 with custom permalink. Redirects to baseurl
  80. Rewrite rule for custom permalink structure
  81. Help with .htaccess setup to hide WordPress Directory
  82. Ugly URLs when there’s pagination
  83. Hide wordpress source code
  84. Why is there a 404 on page 2+ for my search page?
  85. Custom rewrite from URL to URL using slug
  86. URL duplicating after migrating domain
  87. Properly maintaining an old rewrite structure
  88. Custom Post type and Custom taxonomy with URL rewrite worked but template did not
  89. Add dynamic url with external page in WordPress
  90. URL Rewrite for CPT single posts
  91. How to remove post redirects
  92. Using 2 URL’s for WordPress
  93. Rewriting WordPress URLs
  94. Function to rewrite URl in WordPress
  95. How can i maintain permalink structure and avoid a 404 error when loading external content?
  96. Can’t get pretty permalinks to work without index.php
  97. How to rename the WordPress wp-login.php running on IIS6?
  98. Generated URLs don’t reflect accurate URLs.
  99. Change the slug ( url ) to a sequence number starting from 0 in the custom record type?
  100. Change url site.it/wordpress

Leave a Comment