From 288cd469396cfe7055972b457eb589cea51ce40e Mon Sep 17 00:00:00 2001
From: Aaron Campbell
Date: Mon, 6 Mar 2017 13:38:41 +0000
Subject: [PATCH] Strip control characters before validating redirect.

Built from https://develop.svn.wordpress.org/trunk@40183

git-svn-id: http://core.svn.wordpress.org/trunk@40122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 2 +-
 wp-includes/version.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 3e6fbe14d6..0de6b0cc78 100644
--- wp-includes/pluggable.php
+++ wp-includes/pluggable.php
@@ -1293,7 +1293,7 @@ if ( !function_exists('wp_validate_redirect') ) :
 * @return string redirect-sanitized URL
 **/
 function wp_validate_redirect($location, $default = '') {
- $location = trim( $location );
+ $location = trim( $location, " \t\n\r\0\x08\x0B" );
 // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
 if ( substr($location, 0, 2) == '//' )
 $location = 'http:' . $location;
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 56086c2a26..7db8d5c43a 100644
--- wp-includes/version.php
+++ wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.8-alpha-40181';
+$wp_version = '4.8-alpha-40183';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
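Review bot: The explicit character list on the new `trim()` call in `wp_validate_redirect` differs from PHP's default list only by `\x08`, so any other C0 control byte at the start of `$location` still reaches the `substr($location, 0, 2) == '//'` check that follows without being stripped. URL parsers that follow the WHATWG rules discard every leading and trailing C0 control character and space, so the validator and the browser can disagree about where the URL begins; a range covers the whole class in one line, `$location = trim( $location, "\x00..\x20" );`. A short comment above the call, such as `// strip the leading/trailing bytes a browser ignores before the prefix checks`, would also record why the list is explicit rather than the default. The rest of the function lies outside the hunk, so later checks may already reject some of these bytes.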