Always wp_unslash() the return of wp_get_referer().
see #21767 git-svn-id: http://core.svn.wordpress.org/trunk@23570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
f23bcb88a0
commit
09d2c65970
@ -314,7 +314,7 @@ if ( isset( $post_new_file ) && current_user_can( $post_type_object->cap->create
<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" />
<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" />
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" />
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" />
<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_get_referer()); ?>" />
<?php if ( ! empty( $active_post_lock ) ) { ?>
<?php if ( ! empty( $active_post_lock ) ) { ?>
<input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" />
<input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" />
<?php
<?php
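Review bot: The rewritten `referredby` line is the only one in this hunk that drops the spaces inside the call parentheses its neighbours use (`esc_attr( $post->post_author )`), so for consistency it should read `<?php echo esc_url( wp_get_referer() ); ?>`. I am taking the line without the `wp_unslash()` wrapper as the new side, since the lost +/- markers leave that to the commit title; with `wp_get_referer()` now unslashing internally the printed value is unchanged. Keep in mind that the hidden field carries the raw referer, which is client-controlled input: `esc_url()` makes it safe inside the attribute, but the handler that reads `referredby` back on submit is outside this hunk and should still validate it as a redirect target (`wp_validate_redirect()` / `wp_safe_redirect()`) rather than trust it.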
@ -77,7 +77,7 @@ else
<?php else :
<?php else :
switch ( $step ) :
switch ( $step ) :
case 0:
case 0:
$goback = wp_unslash( wp_get_referer() );
$goback = wp_get_referer();
$goback = esc_url_raw( $goback );
$goback = esc_url_raw( $goback );
$goback = urlencode( $goback );
$goback = urlencode( $goback );
?>
?>
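Review bot: `wp_get_referer()` returns `false` when no usable referer exists, and the rewritten `$goback = wp_get_referer();` line does nothing about that: `esc_url_raw( false )` yields `''` and `urlencode( '' )` stays `''`, so `$goback` silently becomes an empty string for whatever consumes it further down the `case 0:` body, which continues outside this hunk. If an empty value is not acceptable there, add a fallback right after the assignment, e.g. `if ( ! $goback ) $goback = admin_url();`, before the `esc_url_raw()` step. Even with the fallback, the value remains client-supplied, so the consumer should treat it as a local redirect target to be validated, not as a trusted URL.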
@ -54,7 +54,7 @@ get_current_screen()->set_help_sidebar(
'<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
'<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
);
);
$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
$wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer );
$user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
$user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
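Review bot: Dropping `stripslashes()` on the `$wp_http_referer` line is only correct if that variable is populated from `wp_get_referer()`, which now unslashes for the caller; its assignment is outside this hunk, so if it is instead read straight from `$_REQUEST['_wp_http_referer']` (slashed by `wp_magic_quotes()`) the value presumably keeps its backslashes after this change. Worth confirming at the assignment site; if it does come from the request superglobal, the unslash belongs there as `wp_unslash()` rather than being removed. Minor style point on the same line: the new argument list mixes `array('update', 'delete_count')` with a spaced `$wp_http_referer )`, so one spacing convention should be used across the call.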
@ -1283,7 +1283,7 @@ function wp_get_referer() {
$ref = $_SERVER['HTTP_REFERER'];
$ref = $_SERVER['HTTP_REFERER'];
if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
return $ref;
return wp_unslash( $ref );
return false;
return false;
}
}
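Review bot: The docblock of `wp_get_referer()` (the function starts outside this hunk, per the `@@` header) should now state that the return value is unslashed but otherwise unvalidated: the hunk shows it comes straight from `$_SERVER['HTTP_REFERER']`, i.e. client-controlled input, so callers must still run it through `esc_url_raw()` or `wp_validate_redirect()` before using it as a URL or redirect target. A suitable `@return` line would be `@return string|false Unslashed referer URL, or false when none is present or it equals the current REQUEST_URI; untrusted client input that callers must validate before use.` Note that the `$ref !== $_SERVER['REQUEST_URI']` comparison still runs on the slashed value while only the returned `$ref` is unslashed; both sides presumably carry the same slashing from `wp_magic_quotes()`, so the check stays consistent, but a one-line comment such as `// Compare before unslashing: both values are still slashed here.` would stop a later refactor from moving `wp_unslash()` above the comparison and breaking it.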