Best practice, use wp_safe_redirect() when dealing with referrers. Props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
ec305a2ee0
commit
02a1dd7ccb
|
@ -30,7 +30,7 @@ if ( $doaction ) {
|
|||
} elseif ( isset( $_REQUEST['ids'] ) ) {
|
||||
$comment_ids = array_map( 'absint', explode( ',', $_REQUEST['ids'] ) );
|
||||
} elseif ( wp_get_referer() ) {
|
||||
wp_redirect( wp_get_referer() );
|
||||
wp_safe_redirect( wp_get_referer() );
|
||||
exit;
|
||||
}
|
||||
|
||||
|
@ -92,7 +92,7 @@ if ( $doaction ) {
|
|||
if ( $trashed || $spammed )
|
||||
$redirect_to = add_query_arg( 'ids', join( ',', $comment_ids ), $redirect_to );
|
||||
|
||||
wp_redirect( $redirect_to );
|
||||
wp_safe_redirect( $redirect_to );
|
||||
exit;
|
||||
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
|
||||
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
|
||||
|
|
|
@ -367,7 +367,7 @@ function set_screen_options() {
|
|||
}
|
||||
|
||||
update_user_meta($user->ID, $option, $value);
|
||||
wp_redirect( remove_query_arg( array('pagenum', 'apage', 'paged'), wp_get_referer() ) );
|
||||
wp_safe_redirect( remove_query_arg( array('pagenum', 'apage', 'paged'), wp_get_referer() ) );
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -118,12 +118,12 @@ if ( $action ) {
|
|||
update_option( 'allowedthemes', $allowed_themes );
|
||||
restore_current_blog();
|
||||
|
||||
wp_redirect( add_query_arg( array( 'id' => $id, $action => $n ), $referer ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'id' => $id, $action => $n ), $referer ) );
|
||||
exit;
|
||||
}
|
||||
|
||||
if ( isset( $_GET['action'] ) && 'update-site' == $_GET['action'] ) {
|
||||
wp_redirect( $referer );
|
||||
wp_safe_redirect( $referer );
|
||||
exit();
|
||||
}
|
||||
|
||||
|
|
|
@ -153,12 +153,12 @@ if ( $action ) {
|
|||
}
|
||||
|
||||
restore_current_blog();
|
||||
wp_redirect( add_query_arg( 'update', $update, $referer ) );
|
||||
wp_safe_redirect( add_query_arg( 'update', $update, $referer ) );
|
||||
exit();
|
||||
}
|
||||
|
||||
if ( isset( $_GET['action'] ) && 'update-site' == $_GET['action'] ) {
|
||||
wp_redirect( $referer );
|
||||
wp_safe_redirect( $referer );
|
||||
exit();
|
||||
}
|
||||
|
||||
|
|
|
@ -63,9 +63,9 @@ if ( isset( $_GET['action'] ) ) {
|
|||
|
||||
if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {
|
||||
wpmu_delete_blog( $id, true );
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete' ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete' ), wp_get_referer() ) );
|
||||
} else {
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'not_deleted' ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'not_deleted' ), wp_get_referer() ) );
|
||||
}
|
||||
|
||||
exit();
|
||||
|
@ -110,7 +110,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
}
|
||||
}
|
||||
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $blogfunction ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $blogfunction ), wp_get_referer() ) );
|
||||
} else {
|
||||
wp_redirect( network_admin_url( 'sites.php' ) );
|
||||
}
|
||||
|
@ -123,7 +123,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
|
||||
update_blog_status( $id, 'archived', '1' );
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'archive' ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'archive' ), wp_get_referer() ) );
|
||||
exit();
|
||||
break;
|
||||
|
||||
|
@ -133,7 +133,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
|
||||
update_blog_status( $id, 'archived', '0' );
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unarchive' ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unarchive' ), wp_get_referer() ) );
|
||||
exit();
|
||||
break;
|
||||
|
||||
|
@ -144,7 +144,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
|
||||
update_blog_status( $id, 'deleted', '0' );
|
||||
do_action( 'activate_blog', $id );
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'activate' ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'activate' ), wp_get_referer() ) );
|
||||
exit();
|
||||
break;
|
||||
|
||||
|
@ -155,7 +155,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
|
||||
do_action( 'deactivate_blog', $id );
|
||||
update_blog_status( $id, 'deleted', '1' );
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'deactivate' ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'deactivate' ), wp_get_referer() ) );
|
||||
exit();
|
||||
break;
|
||||
|
||||
|
@ -165,7 +165,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
|
||||
update_blog_status( $id, 'spam', '0' );
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unspam' ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unspam' ), wp_get_referer() ) );
|
||||
exit();
|
||||
break;
|
||||
|
||||
|
@ -175,7 +175,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
|
||||
update_blog_status( $id, 'spam', '1' );
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'spam' ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'spam' ), wp_get_referer() ) );
|
||||
exit();
|
||||
break;
|
||||
|
||||
|
@ -185,7 +185,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
|
||||
update_blog_status( $id, 'mature', '0' );
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unmature' ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unmature' ), wp_get_referer() ) );
|
||||
exit();
|
||||
break;
|
||||
|
||||
|
@ -195,7 +195,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
|
||||
update_blog_status( $id, 'mature', '1' );
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'mature' ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'mature' ), wp_get_referer() ) );
|
||||
exit();
|
||||
break;
|
||||
|
||||
|
|
|
@ -47,33 +47,33 @@ if ( $action ) {
|
|||
check_admin_referer('disable-theme_' . $_GET['theme']);
|
||||
unset( $allowed_themes[ $_GET['theme'] ] );
|
||||
update_site_option( 'allowedthemes', $allowed_themes );
|
||||
wp_redirect( add_query_arg( 'disabled', '1', $referer ) );
|
||||
wp_safe_redirect( add_query_arg( 'disabled', '1', $referer ) );
|
||||
exit;
|
||||
break;
|
||||
case 'enable-selected':
|
||||
check_admin_referer('bulk-themes');
|
||||
$themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
|
||||
if ( empty($themes) ) {
|
||||
wp_redirect( add_query_arg( 'error', 'none', $referer ) );
|
||||
wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
|
||||
exit;
|
||||
}
|
||||
foreach( (array) $themes as $theme )
|
||||
$allowed_themes[ $theme ] = true;
|
||||
update_site_option( 'allowedthemes', $allowed_themes );
|
||||
wp_redirect( add_query_arg( 'enabled', count( $themes ), $referer ) );
|
||||
wp_safe_redirect( add_query_arg( 'enabled', count( $themes ), $referer ) );
|
||||
exit;
|
||||
break;
|
||||
case 'disable-selected':
|
||||
check_admin_referer('bulk-themes');
|
||||
$themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
|
||||
if ( empty($themes) ) {
|
||||
wp_redirect( add_query_arg( 'error', 'none', $referer ) );
|
||||
wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
|
||||
exit;
|
||||
}
|
||||
foreach( (array) $themes as $theme )
|
||||
unset( $allowed_themes[ $theme ] );
|
||||
update_site_option( 'allowedthemes', $allowed_themes );
|
||||
wp_redirect( add_query_arg( 'disabled', count( $themes ), $referer ) );
|
||||
wp_safe_redirect( add_query_arg( 'disabled', count( $themes ), $referer ) );
|
||||
exit;
|
||||
break;
|
||||
case 'update-selected' :
|
||||
|
@ -117,7 +117,7 @@ if ( $action ) {
|
|||
unset( $themes[ get_option( 'stylesheet' ) ] );
|
||||
|
||||
if ( empty( $themes ) ) {
|
||||
wp_redirect( add_query_arg( 'error', 'none', $referer ) );
|
||||
wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
|
||||
exit;
|
||||
}
|
||||
|
||||
|
@ -134,7 +134,7 @@ if ( $action ) {
|
|||
}
|
||||
|
||||
if ( empty( $themes ) ) {
|
||||
wp_redirect( add_query_arg( 'error', 'main', $referer ) );
|
||||
wp_safe_redirect( add_query_arg( 'error', 'main', $referer ) );
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
|
@ -166,7 +166,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
}
|
||||
}
|
||||
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) );
|
||||
wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) );
|
||||
} else {
|
||||
$location = network_admin_url( 'users.php' );
|
||||
|
||||
|
|
Loading…
Reference in New Issue