Check for urls that have a scheme but no host in wp_validate_redirect().

git-svn-id: http://svn.automattic.com/wordpress/trunk@13878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2010-03-29 16:47:17 +00:00
parent 175c104baa
commit 11dc8e15c9
1 changed files with 4 additions and 0 deletions

View File

@ -990,6 +990,10 @@ function wp_validate_redirect($location, $default = '') {
if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) ) if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
return $default; return $default;
// Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
if ( isset($lp['scheme']) && !isset($lp['host']) )
return $default;
$wpp = parse_url(home_url()); $wpp = parse_url(home_url());
$allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : ''); $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');