General: Ignore invalid types for the '_wp_http_referer' URL query variable.
It's expected that this query variable contains a string when it's set, but it's possible for its type to be something else such as an array. Ignoring non-string values prevents cascading errors when its value is passed through functions that expect a string. Props xknown, costdev, jrf, azaozz Fixes #57670 Built from https://develop.svn.wordpress.org/trunk@56115 git-svn-id: http://core.svn.wordpress.org/trunk@55627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
168857d0f9
commit
6a33072f68
|
@ -1976,7 +1976,9 @@ function wp_get_referer() {
|
|||
}
|
||||
|
||||
/**
|
||||
* Retrieves unvalidated referer from '_wp_http_referer' or HTTP referer.
|
||||
* Retrieves unvalidated referer from the '_wp_http_referer' URL query variable or the HTTP referer.
|
||||
*
|
||||
* If the value of the '_wp_http_referer' URL query variable is not a string then it will be ignored.
|
||||
*
|
||||
* Do not use for redirects, use wp_get_referer() instead.
|
||||
*
|
||||
|
@ -1985,7 +1987,7 @@ function wp_get_referer() {
|
|||
* @return string|false Referer URL on success, false on failure.
|
||||
*/
|
||||
function wp_get_raw_referer() {
|
||||
if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
|
||||
if ( ! empty( $_REQUEST['_wp_http_referer'] ) && is_string( $_REQUEST['_wp_http_referer'] ) ) {
|
||||
return wp_unslash( $_REQUEST['_wp_http_referer'] );
|
||||
} elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
|
||||
return wp_unslash( $_SERVER['HTTP_REFERER'] );
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '6.3-beta2-56114';
|
||||
$wp_version = '6.3-beta2-56115';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
Loading…
Reference in New Issue