From f0b39c1b5c49a20fb49622bbb0ca7add4e955e4f Mon Sep 17 00:00:00 2001
From: markjaquith <markjaquith@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Thu, 30 Aug 2007 17:46:09 +0000
Subject: [PATCH] Better %0d/%0a sanitization for wp_redirect() from hakre. 
 fixes #4819 for trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@5990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 82ad4ea606..e2c6a59c2b 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -401,8 +401,18 @@ function wp_redirect($location, $status = 302) {
 	$location = preg_replace('|[^a-z0-9-~\+_\.\?#=&;,/:%]|i', '', $location);
 	$location = wp_kses_no_null($location);
 
+	// remove %0d and %0a from location
 	$strip = array('%0d', '%0a');
-	$location = str_replace($strip, '', $location);
+	$found = true;
+	while($found) {
+		$found = false;
+		foreach($strip as $val) {
+			while(strpos($location, $val) !== false) {
+				$found = true;
+				$location = str_replace($val, '', $location);
+			}
+		}
+	}
 
 	if ( $is_IIS ) {
 		header("Refresh: 0;url=$location");