Check for urls that have a scheme but no host in wp_validate_redirect().
git-svn-id: http://svn.automattic.com/wordpress/trunk@13878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
175c104baa
commit
11dc8e15c9
|
@ -990,6 +990,10 @@ function wp_validate_redirect($location, $default = '') {
|
||||||
if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
|
if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
|
||||||
return $default;
|
return $default;
|
||||||
|
|
||||||
|
// Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
|
||||||
|
if ( isset($lp['scheme']) && !isset($lp['host']) )
|
||||||
|
return $default;
|
||||||
|
|
||||||
$wpp = parse_url(home_url());
|
$wpp = parse_url(home_url());
|
||||||
|
|
||||||
$allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');
|
$allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');
|
||||||
|
|
Loading…
Reference in New Issue