Use wp_get_referer(). fixes #2800 #2855

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3923 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/edit-form-advanced.php

@@ -211,10 +211,10 @@ if ('publish' != $post->post_status || 0 == $post_ID) {
 <input name="referredby" type="hidden" id="referredby" value="<?php 
 if ( !empty($_REQUEST['popupurl']) )
 	echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid($_SERVER['HTTP_REFERER']) == $post_ID )
+else if ( url_to_postid(wp_get_referer()) == $post_ID )
 	echo 'redo';
 else
-	echo wp_specialchars($_SERVER['HTTP_REFERER']);
+	echo wp_specialchars(wp_get_referer());
 ?>" /></p>
 
 <?php do_action('edit_form_advanced'); ?>

wp-admin/edit-form-comment.php

@@ -89,7 +89,7 @@ else
 </script>
 
 <p class="submit"><input type="submit" name="editcomment" id="editcomment" value="<?php echo $submitbutton_text ?>" style="font-weight: bold;" tabindex="6" />
-  <input name="referredby" type="hidden" id="referredby" value="<?php echo $_SERVER['HTTP_REFERER']; ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php echo wp_get_referer(); ?>" />
 </p>
 
 </div>

wp-admin/edit-form.php

@@ -64,7 +64,7 @@ edCanvas = document.getElementById('content');
 <?php if ('bookmarklet' != $mode) {
       echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
   } ?>
-  <input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo urlencode($_SERVER['HTTP_REFERER']); ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php if (isset(wp_get_referer())) echo urlencode(wp_get_referer()); ?>" />
 </p>
 
 <?php do_action('simple_edit_form', ''); ?>

wp-admin/edit-page-form.php

@@ -14,7 +14,7 @@ if (0 == $post_ID) {
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
-$sendto = $_SERVER['HTTP_REFERER'];
+$sendto = wp_get_referer();
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
  	$sendto = 'redo';

wp-admin/link-manager.php

@@ -129,7 +129,7 @@ switch ($action) {
 
 	add_link();
 	
-    header('Location: ' . $_SERVER['HTTP_REFERER'] . '?added=true');
+    header('Location: ' . wp_get_referer() . '?added=true');
     break;
   } // end Add
 

wp-admin/post.php

@@ -111,12 +111,12 @@ case 'editpost':
 	$post_ID = edit_post();
 
 	if ($_POST['save']) {
-		$location = $_SERVER['HTTP_REFERER'];
+		$location = wp_get_referer();
 	} elseif ($_POST['updatemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
+		$location = wp_get_referer() . '&message=2#postcustom';
 	} elseif ($_POST['deletemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
-	} elseif (isset($_POST['referredby']) && $_POST['referredby'] != $_SERVER['HTTP_REFERER']) {
+		$location = wp_get_referer() . '&message=3#postcustom';
+	} elseif (!empty($_POST['referredby']) && $_POST['referredby'] != wp_get_referer()) {
 		$location = $_POST['referredby'];
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $post_ID );
@@ -125,6 +125,7 @@ case 'editpost':
 	} else {
 		$location = 'post.php';
 	}
+
 	header ('Location: ' . $location); // Send user on their way while we keep working
 
 	exit();
@@ -147,7 +148,7 @@ case 'delete':
 			die( __('Error in deleting...') );
 	}
 
-	$sendback = $_SERVER['HTTP_REFERER'];
+	$sendback = wp_get_referer();
 	if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
 	elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
 	$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
@@ -234,8 +235,8 @@ case 'deletecomment':
 	wp_set_comment_status($comment->comment_ID, "delete");
 	do_action('delete_comment', $comment->comment_ID);
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		header('Location: ' . wp_get_referer());
 	} else {
 		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
@@ -261,8 +262,8 @@ case 'unapprovecomment':
 
 	wp_set_comment_status($comment->comment_ID, "hold");
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		header('Location: ' . wp_get_referer());
 	} else {
 		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
@@ -312,8 +313,8 @@ case 'approvecomment':
 	}
 
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		header('Location: ' . wp_get_referer());
 	} else {
 		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}

wp-admin/upgrade.php

@@ -67,7 +67,7 @@ text-align: center; border-top: 1px solid #ccc; padding-top: 1em; font-style: it
 switch($step) {
 
 	case 0:
-	$goback = wp_specialchars($_SERVER['HTTP_REFERER'], 1);
+	$goback = wp_specialchars(wp_get_referer());
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
 	<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>

wp-pass.php

@@ -7,5 +7,5 @@ if ( get_magic_quotes_gpc() )
 // 10 days
 setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
 
-wp_redirect($_SERVER['HTTP_REFERER']);
+wp_redirect(wp_get_referer());
 ?>