Best practice, use wp_safe_redirect() when dealing with referrers. Props nacin.

git-svn-id: http://svn.automattic.com/wordpress/trunk@19579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2011-12-10 18:26:48 +00:00
parent ec305a2ee0
commit 02a1dd7ccb
7 changed files with 26 additions and 26 deletions


@ -30,7 +30,7 @@ if ( $doaction ) {
} elseif ( isset( $_REQUEST['ids'] ) ) { } elseif ( isset( $_REQUEST['ids'] ) ) {
$comment_ids = array_map( 'absint', explode( ',', $_REQUEST['ids'] ) ); $comment_ids = array_map( 'absint', explode( ',', $_REQUEST['ids'] ) );
} elseif ( wp_get_referer() ) { } elseif ( wp_get_referer() ) {
wp_redirect( wp_get_referer() ); wp_safe_redirect( wp_get_referer() );
exit; exit;
} }
@ -92,7 +92,7 @@ if ( $doaction ) {
if ( $trashed || $spammed ) if ( $trashed || $spammed )
$redirect_to = add_query_arg( 'ids', join( ',', $comment_ids ), $redirect_to ); $redirect_to = add_query_arg( 'ids', join( ',', $comment_ids ), $redirect_to );
wp_redirect( $redirect_to ); wp_safe_redirect( $redirect_to );
exit; exit;
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) { } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) ); wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
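Review bot: The last line of the second hunk still calls wp_redirect() on a location built from `$_SERVER['REQUEST_URI']`, while the two branches just above it were switched to wp_safe_redirect(). REQUEST_URI is request-controlled in the same way the referer is, so the commit's own rule applies to it too: `wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );`. Whether a crafted request target can turn that path into an off-site Location depends on how the web server normalizes it, which this hunk cannot show, so the change is worth making regardless. The enclosing `if ( $doaction )` block starts before the first hunk and continues after the second.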


@ -367,7 +367,7 @@ function set_screen_options() {
} }
update_user_meta($user->ID, $option, $value); update_user_meta($user->ID, $option, $value);
wp_redirect( remove_query_arg( array('pagenum', 'apage', 'paged'), wp_get_referer() ) ); wp_safe_redirect( remove_query_arg( array('pagenum', 'apage', 'paged'), wp_get_referer() ) );
exit; exit;
} }
} }
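Review bot: wp_get_referer() is passed straight into remove_query_arg() here without checking that it returned a value, whereas the edit-comments hunk in this same commit guards it with `elseif ( wp_get_referer() )`. If the referer is absent, the redirect target presumably falls back to the current request URI inside remove_query_arg()/add_query_arg(), but that is not visible from this hunk and would be worth confirming. A one-line comment such as `// wp_get_referer() may be false; remove_query_arg() is expected to fall back to the current request` would document the assumption, or the call could be guarded the same way edit-comments does. The body of set_screen_options() starts before this hunk.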


@ -118,12 +118,12 @@ if ( $action ) {
update_option( 'allowedthemes', $allowed_themes ); update_option( 'allowedthemes', $allowed_themes );
restore_current_blog(); restore_current_blog();
wp_redirect( add_query_arg( array( 'id' => $id, $action => $n ), $referer ) ); wp_safe_redirect( add_query_arg( array( 'id' => $id, $action => $n ), $referer ) );
exit; exit;
} }
if ( isset( $_GET['action'] ) && 'update-site' == $_GET['action'] ) { if ( isset( $_GET['action'] ) && 'update-site' == $_GET['action'] ) {
wp_redirect( $referer ); wp_safe_redirect( $referer );
exit(); exit();
} }
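Review bot: `$referer` is assigned outside this hunk, so it is not visible whether it can be empty or false when no Referer header is sent; wp_safe_redirect() is the right call either way, but add_query_arg() on a false URI would presumably redirect back to the current action URL rather than the sites list, which is worth confirming against where `$referer` is set. Also, the two branches use different exit styles (`exit;` on the first redirect, `exit();` on the second); picking one form for the file would be cleaner. The enclosing `if ( $action )` block starts before this hunk.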


@ -153,12 +153,12 @@ if ( $action ) {
} }
restore_current_blog(); restore_current_blog();
wp_redirect( add_query_arg( 'update', $update, $referer ) ); wp_safe_redirect( add_query_arg( 'update', $update, $referer ) );
exit(); exit();
} }
if ( isset( $_GET['action'] ) && 'update-site' == $_GET['action'] ) { if ( isset( $_GET['action'] ) && 'update-site' == $_GET['action'] ) {
wp_redirect( $referer ); wp_safe_redirect( $referer );
exit(); exit();
} }


@ -63,9 +63,9 @@ if ( isset( $_GET['action'] ) ) {
if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) { if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {
wpmu_delete_blog( $id, true ); wpmu_delete_blog( $id, true );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete' ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete' ), wp_get_referer() ) );
} else { } else {
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'not_deleted' ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'not_deleted' ), wp_get_referer() ) );
} }
exit(); exit();
@ -110,7 +110,7 @@ if ( isset( $_GET['action'] ) ) {
} }
} }
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $blogfunction ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $blogfunction ), wp_get_referer() ) );
} else { } else {
wp_redirect( network_admin_url( 'sites.php' ) ); wp_redirect( network_admin_url( 'sites.php' ) );
} }
@ -123,7 +123,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'archived', '1' ); update_blog_status( $id, 'archived', '1' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'archive' ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'archive' ), wp_get_referer() ) );
exit(); exit();
break; break;
@ -133,7 +133,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'archived', '0' ); update_blog_status( $id, 'archived', '0' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unarchive' ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unarchive' ), wp_get_referer() ) );
exit(); exit();
break; break;
@ -144,7 +144,7 @@ if ( isset( $_GET['action'] ) ) {
update_blog_status( $id, 'deleted', '0' ); update_blog_status( $id, 'deleted', '0' );
do_action( 'activate_blog', $id ); do_action( 'activate_blog', $id );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'activate' ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'activate' ), wp_get_referer() ) );
exit(); exit();
break; break;
@ -155,7 +155,7 @@ if ( isset( $_GET['action'] ) ) {
do_action( 'deactivate_blog', $id ); do_action( 'deactivate_blog', $id );
update_blog_status( $id, 'deleted', '1' ); update_blog_status( $id, 'deleted', '1' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'deactivate' ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'deactivate' ), wp_get_referer() ) );
exit(); exit();
break; break;
@ -165,7 +165,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'spam', '0' ); update_blog_status( $id, 'spam', '0' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unspam' ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unspam' ), wp_get_referer() ) );
exit(); exit();
break; break;
@ -175,7 +175,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'spam', '1' ); update_blog_status( $id, 'spam', '1' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'spam' ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'spam' ), wp_get_referer() ) );
exit(); exit();
break; break;
@ -185,7 +185,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'mature', '0' ); update_blog_status( $id, 'mature', '0' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unmature' ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unmature' ), wp_get_referer() ) );
exit(); exit();
break; break;
@ -195,7 +195,7 @@ if ( isset( $_GET['action'] ) ) {
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ) );
update_blog_status( $id, 'mature', '1' ); update_blog_status( $id, 'mature', '1' );
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'mature' ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'mature' ), wp_get_referer() ) );
exit(); exit();
break; break;
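Review bot: Every status case in this section ends with the same three lines — `update_blog_status( $id, ..., ... ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => '<name>' ), wp_get_referer() ) ); exit();` — which is the pattern the `$blogfunction` branch at the top of the section already parameterises; a small local helper taking the action name would remove eight near-identical redirect lines and make the wp_get_referer() handling live in one place. Note also that wp_get_referer() is used unguarded throughout, so if it returns false the redirect target presumably falls back to the current request URI, which here is the action URL itself; a fallback to `network_admin_url( 'sites.php' )` (already used in the else branch of the first hunk) would be safer. The `break;` after each `exit();` is unreachable and can go. The switch on `$_GET['action']` starts before the first hunk and continues after the last.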


@ -47,33 +47,33 @@ if ( $action ) {
check_admin_referer('disable-theme_' . $_GET['theme']); check_admin_referer('disable-theme_' . $_GET['theme']);
unset( $allowed_themes[ $_GET['theme'] ] ); unset( $allowed_themes[ $_GET['theme'] ] );
update_site_option( 'allowedthemes', $allowed_themes ); update_site_option( 'allowedthemes', $allowed_themes );
wp_redirect( add_query_arg( 'disabled', '1', $referer ) ); wp_safe_redirect( add_query_arg( 'disabled', '1', $referer ) );
exit; exit;
break; break;
case 'enable-selected': case 'enable-selected':
check_admin_referer('bulk-themes'); check_admin_referer('bulk-themes');
$themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array(); $themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
if ( empty($themes) ) { if ( empty($themes) ) {
wp_redirect( add_query_arg( 'error', 'none', $referer ) ); wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
exit; exit;
} }
foreach( (array) $themes as $theme ) foreach( (array) $themes as $theme )
$allowed_themes[ $theme ] = true; $allowed_themes[ $theme ] = true;
update_site_option( 'allowedthemes', $allowed_themes ); update_site_option( 'allowedthemes', $allowed_themes );
wp_redirect( add_query_arg( 'enabled', count( $themes ), $referer ) ); wp_safe_redirect( add_query_arg( 'enabled', count( $themes ), $referer ) );
exit; exit;
break; break;
case 'disable-selected': case 'disable-selected':
check_admin_referer('bulk-themes'); check_admin_referer('bulk-themes');
$themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array(); $themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
if ( empty($themes) ) { if ( empty($themes) ) {
wp_redirect( add_query_arg( 'error', 'none', $referer ) ); wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
exit; exit;
} }
foreach( (array) $themes as $theme ) foreach( (array) $themes as $theme )
unset( $allowed_themes[ $theme ] ); unset( $allowed_themes[ $theme ] );
update_site_option( 'allowedthemes', $allowed_themes ); update_site_option( 'allowedthemes', $allowed_themes );
wp_redirect( add_query_arg( 'disabled', count( $themes ), $referer ) ); wp_safe_redirect( add_query_arg( 'disabled', count( $themes ), $referer ) );
exit; exit;
break; break;
case 'update-selected' : case 'update-selected' :
@ -117,7 +117,7 @@ if ( $action ) {
unset( $themes[ get_option( 'stylesheet' ) ] ); unset( $themes[ get_option( 'stylesheet' ) ] );
if ( empty( $themes ) ) { if ( empty( $themes ) ) {
wp_redirect( add_query_arg( 'error', 'none', $referer ) ); wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
exit; exit;
} }
@ -134,7 +134,7 @@ if ( $action ) {
} }
if ( empty( $themes ) ) { if ( empty( $themes ) ) {
wp_redirect( add_query_arg( 'error', 'main', $referer ) ); wp_safe_redirect( add_query_arg( 'error', 'main', $referer ) );
exit; exit;
} }
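Review bot: In the enable-selected and disable-selected cases, each string in `$_POST['checked']` is used directly as a key into `$allowed_themes` (`$allowed_themes[ $theme ] = true;`) with only the bulk nonce checked; nothing in the hunk verifies that the posted name is an installed theme, so arbitrary keys can be written into the `allowedthemes` site option. Filtering `$themes` against the installed theme list before the foreach (using whatever helper this file uses to enumerate themes, which is not visible here) would keep the option clean. The `break;` lines that follow `exit;` are unreachable. The enclosing `if ( $action )` switch starts before the first hunk and continues after the last.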


@ -166,7 +166,7 @@ if ( isset( $_GET['action'] ) ) {
} }
} }
wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) ); wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) );
} else { } else {
$location = network_admin_url( 'users.php' ); $location = network_admin_url( 'users.php' );