WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Customize: Make sure that preview and return URLs are URLs. 

Merge of [37527] to the 3.7 branch.
Built from https://develop.svn.wordpress.org/branches/3.7@37780


git-svn-id: http://core.svn.wordpress.org/branches/3.7@37745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dominik Schilling 2016-06-21 14:22:34 +00:00
parent 5e739be4f6
commit 7b14133f66
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-admin/customize.php
View File

@ -15,9 +15,10 @@ if ( ! current_user_can( 'edit_theme_options' ) )
wp_reset_vars( array( 'url', 'return' ) );
$url = urldecode( $url );
$url = esc_url_raw( $url );
$url = wp_validate_redirect( $url, home_url( '/' ) );
if ( $return )
$return = wp_validate_redirect( urldecode( $return ) );
$return = wp_validate_redirect( esc_url_raw( urldecode( $return ) ) );
if ( ! $return )
$return = $url;