Best practice: use wp_safe_redirect() when dealing with referrers. Props nacin.

git-svn-id: http://svn.automattic.com/wordpress/trunk@19579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2011-12-10 18:26:48 +00:00
parent ec305a2ee0
commit 02a1dd7ccb
7 changed files with 26 additions and 26 deletions


@ -30,7 +30,7 @@ if ( $doaction ) {
} elseif ( isset( $_REQUEST['ids'] ) ) {
$comment_ids = array_map( 'absint', explode( ',', $_REQUEST['ids'] ) );
} elseif ( wp_get_referer() ) {
wp_redirect( wp_get_referer() );
wp_safe_redirect( wp_get_referer() );
exit;
}
@ -92,7 +92,7 @@ if ( $doaction ) {
if ( $trashed || $spammed )
$redirect_to = add_query_arg( 'ids', join( ',', $comment_ids ), $redirect_to );
wp_redirect( $redirect_to );
wp_safe_redirect( $redirect_to );
exit;
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
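Review bot: The last line of the second hunk still calls `wp_redirect()` on a URL built from `$_SERVER['REQUEST_URI']`, while the two redirects above it in the same `if ( $doaction )` chain were moved to `wp_safe_redirect()`. REQUEST_URI is supplied by the client just like the referer, so the host-validation the commit adds for `$redirect_to` and `wp_get_referer()` is equally relevant here; for consistency I would write `wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );`. The `elseif ( ! empty( $_GET['_wp_http_referer'] ) )` branch and the enclosing block continue outside the hunk, so I cannot see whether an `exit` follows.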


@ -367,7 +367,7 @@ function set_screen_options() {
}
update_user_meta($user->ID, $option, $value);
wp_redirect( remove_query_arg( array('pagenum', 'apage', 'paged'), wp_get_referer() ) );
wp_safe_redirect( remove_query_arg( array('pagenum', 'apage', 'paged'), wp_get_referer() ) );
exit;
}
}
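Review bot: The new `wp_safe_redirect( remove_query_arg( array('pagenum', 'apage', 'paged'), wp_get_referer() ) )` line passes the referer straight through without checking it; if `wp_get_referer()` returns `false` here (its definition is not on the page, but that is its documented no-referer result), the redirect target then depends on how `remove_query_arg()` treats a non-string base rather than on an explicit choice. An explicit fallback keeps the behaviour visible at the call site: `$referer = wp_get_referer(); if ( ! $referer ) $referer = admin_url();` and then redirect with `remove_query_arg( array('pagenum', 'apage', 'paged'), $referer )`. `set_screen_options()` starts outside the hunk.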


@ -118,12 +118,12 @@ if ( $action ) {
update_option( 'allowedthemes', $allowed_themes );
restore_current_blog();
wp_redirect( add_query_arg( array( 'id' => $id, $action => $n ), $referer ) );
wp_safe_redirect( add_query_arg( array( 'id' => $id, $action => $n ), $referer ) );
exit;
}
if ( isset( $_GET['action'] ) && 'update-site' == $_GET['action'] ) {
wp_redirect( $referer );
wp_safe_redirect( $referer );
exit();
}


@ -153,12 +153,12 @@ if ( $action ) {
}
restore_current_blog();
wp_redirect( add_query_arg( 'update', $update, $referer ) );
wp_safe_redirect( add_query_arg( 'update', $update, $referer ) );
exit();
}
if ( isset( $_GET['action'] ) && 'update-site' == $_GET['action'] ) {
wp_redirect( $referer );
wp_safe_redirect( $referer );
exit();
}


@ -63,9 +63,9 @@ if ( isset( $_GET['action'] ) ) {
if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {
wpmu_delete_blog( $id, true );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete' ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete' ), wp_get_referer() ) );
} else {
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'not_deleted' ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'not_deleted' ), wp_get_referer() ) );
}
exit();
@ -110,7 +110,7 @@ if ( isset( $_GET['action'] ) ) {
}
}
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $blogfunction ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $blogfunction ), wp_get_referer() ) );
} else {
wp_redirect( network_admin_url( 'sites.php' ) );
}
@ -123,7 +123,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'archived', '1' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'archive' ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'archive' ), wp_get_referer() ) );
exit();
break;
@ -133,7 +133,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'archived', '0' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unarchive' ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unarchive' ), wp_get_referer() ) );
exit();
break;
@ -144,7 +144,7 @@ if ( isset( $_GET['action'] ) ) {
update_blog_status( $id, 'deleted', '0' );
do_action( 'activate_blog', $id );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'activate' ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'activate' ), wp_get_referer() ) );
exit();
break;
@ -155,7 +155,7 @@ if ( isset( $_GET['action'] ) ) {
do_action( 'deactivate_blog', $id );
update_blog_status( $id, 'deleted', '1' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'deactivate' ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'deactivate' ), wp_get_referer() ) );
exit();
break;
@ -165,7 +165,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'spam', '0' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unspam' ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unspam' ), wp_get_referer() ) );
exit();
break;
@ -175,7 +175,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'spam', '1' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'spam' ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'spam' ), wp_get_referer() ) );
exit();
break;
@ -185,7 +185,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'mature', '0' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unmature' ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unmature' ), wp_get_referer() ) );
exit();
break;
@ -195,7 +195,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'mature', '1' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'mature' ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'mature' ), wp_get_referer() ) );
exit();
break;
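Review bot: Every new line in this section repeats the same expression `wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => ... ), wp_get_referer() ) )` nine times, each calling `wp_get_referer()` afresh and none handling the case where it returns `false`. Since the section already has a known-good local target in the `else` branch of the second hunk, `wp_redirect( network_admin_url( 'sites.php' ) )`, I would resolve the referer once near the top of the `if ( isset( $_GET['action'] ) )` block (which starts outside the hunks), `$referer = wp_get_referer(); if ( ! $referer ) $referer = network_admin_url( 'sites.php' );`, and pass `$referer` to each `add_query_arg()` so the fallback is explicit and the per-case lines differ only in the action name. That `else` branch could also use `wp_safe_redirect()` so that every redirect in the file goes through the same validated path, even though its target is a fixed local URL.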


@ -47,33 +47,33 @@ if ( $action ) {
check_admin_referer('disable-theme_' . $_GET['theme']);
unset( $allowed_themes[ $_GET['theme'] ] );
update_site_option( 'allowedthemes', $allowed_themes );
wp_redirect( add_query_arg( 'disabled', '1', $referer ) );
wp_safe_redirect( add_query_arg( 'disabled', '1', $referer ) );
exit;
break;
case 'enable-selected':
check_admin_referer('bulk-themes');
$themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
if ( empty($themes) ) {
wp_redirect( add_query_arg( 'error', 'none', $referer ) );
wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
exit;
}
foreach( (array) $themes as $theme )
$allowed_themes[ $theme ] = true;
update_site_option( 'allowedthemes', $allowed_themes );
wp_redirect( add_query_arg( 'enabled', count( $themes ), $referer ) );
wp_safe_redirect( add_query_arg( 'enabled', count( $themes ), $referer ) );
exit;
break;
case 'disable-selected':
check_admin_referer('bulk-themes');
$themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
if ( empty($themes) ) {
wp_redirect( add_query_arg( 'error', 'none', $referer ) );
wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
exit;
}
foreach( (array) $themes as $theme )
unset( $allowed_themes[ $theme ] );
update_site_option( 'allowedthemes', $allowed_themes );
wp_redirect( add_query_arg( 'disabled', count( $themes ), $referer ) );
wp_safe_redirect( add_query_arg( 'disabled', count( $themes ), $referer ) );
exit;
break;
case 'update-selected' :
@ -117,7 +117,7 @@ if ( $action ) {
unset( $themes[ get_option( 'stylesheet' ) ] );
if ( empty( $themes ) ) {
wp_redirect( add_query_arg( 'error', 'none', $referer ) );
wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
exit;
}
@ -134,7 +134,7 @@ if ( $action ) {
}
if ( empty( $themes ) ) {
wp_redirect( add_query_arg( 'error', 'main', $referer ) );
wp_safe_redirect( add_query_arg( 'error', 'main', $referer ) );
exit;
}


@ -166,7 +166,7 @@ if ( isset( $_GET['action'] ) ) {
}
}
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) );
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) );
} else {
$location = network_admin_url( 'users.php' );