From 11dc8e15c97bb1bb23abbd3d5778cc173d426673 Mon Sep 17 00:00:00 2001
From: ryan
Date: Mon, 29 Mar 2010 16:47:17 +0000
Subject: [PATCH] Check for urls that have a scheme but no host in wp_validate_redirect().
git-svn-id: http://svn.automattic.com/wordpress/trunk@13878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index b2182c3209..1e3dfe5169 100644
--- wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -990,6 +990,10 @@ function wp_validate_redirect($location, $default = '') {
 if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
 return $default;
+ // Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
+ if ( isset($lp['scheme']) && !isset($lp['host']) )
+ return $default;
+
 $wpp = parse_url(home_url());
 $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');
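Review bot: The added guard in wp_validate_redirect() only fires when `$lp['scheme']` is set, so a `$location` that parse_url() cannot parse at all still passes both checks in this hunk. parse_url() returns false for seriously malformed URLs, and `isset($lp['scheme'])` is then false. Assuming `$lp` is assigned from parse_url() above the hunk (the function starts and continues outside it), I would add `if ( false === $lp ) return $default;` ahead of the scheme test so that case fails closed as well. Since the fix depends on which fields parse_url() fills in for a given input, a unit test pinning the scheme-without-host case from the comment and the unparseable case would keep a later PHP or refactoring change from reopening the redirect check.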