diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 4cd3f9af39..46d37774d0 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -1319,6 +1319,14 @@ function wp_validate_redirect($location, $default = '') { if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) ) return $default; + if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) { + $path = ''; + if ( ! empty( $_SERVER['REQUEST_URI'] ) ) { + $path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' ); + } + $location = '/' . ltrim( $path . '/', '/' ) . $location; + } + // Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field. if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) { return $default;