From a717edca97121f3b5f8e4428e5cde75ec3ce8a2a Mon Sep 17 00:00:00 2001 From: nacin Date: Thu, 9 Dec 2010 18:02:54 +0000 Subject: [PATCH] Always exit after wp_redirect. props filosofo, fixes #15518. git-svn-id: http://svn.automattic.com/wordpress/trunk@16847 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin.php | 8 ++++++-- wp-admin/includes/ms.php | 4 +--- wp-admin/link-manager.php | 1 + wp-admin/media-upload.php | 1 + wp-admin/moderation.php | 1 + wp-admin/ms-admin.php | 4 +++- wp-admin/ms-edit.php | 4 +++- wp-admin/ms-sites.php | 5 ++++- wp-admin/ms-themes.php | 4 +++- wp-admin/ms-upgrade-network.php | 5 ++++- wp-admin/ms-users.php | 4 +++- wp-admin/network/admin.php | 5 +++-- wp-admin/network/edit.php | 4 +++- wp-admin/network/site-info.php | 1 + wp-admin/network/site-options.php | 3 ++- wp-admin/network/site-users.php | 2 +- wp-admin/plugin-editor.php | 1 - wp-admin/post.php | 3 ++- wp-admin/update-core.php | 2 ++ wp-admin/user/admin.php | 5 +++-- wp-atom.php | 4 ++-- wp-comments-post.php | 2 +- wp-commentsrss2.php | 4 ++-- wp-feed.php | 4 ++-- wp-pass.php | 3 ++- wp-rdf.php | 4 ++-- wp-register.php | 4 ++-- wp-rss.php | 4 ++-- wp-rss2.php | 4 ++-- 29 files changed, 64 insertions(+), 36 deletions(-) diff --git a/wp-admin/admin.php b/wp-admin/admin.php index e7ff153d1a..da73cdf29a 100644 --- a/wp-admin/admin.php +++ b/wp-admin/admin.php @@ -178,13 +178,17 @@ if ( isset($plugin_page) ) { if ( ! current_user_can('import') ) wp_die(__('You are not allowed to import.')); - if ( validate_file($importer) ) + if ( validate_file($importer) ) { wp_redirect( admin_url( 'import.php?invalid=' . $importer ) ); + exit; + } // Allow plugins to define importers as well if ( !isset($wp_importers) || !isset($wp_importers[$importer]) || ! is_callable($wp_importers[$importer][2])) { - if (! file_exists(ABSPATH . "wp-admin/import/$importer.php")) + if (! file_exists(ABSPATH . "wp-admin/import/$importer.php")) { wp_redirect( admin_url( 'import.php?invalid=' . $importer ) ); + exit; + } include(ABSPATH . "wp-admin/import/$importer.php"); } diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php index 90bb09a730..e3bacedba9 100644 --- a/wp-admin/includes/ms.php +++ b/wp-admin/includes/ms.php @@ -507,12 +507,10 @@ function redirect_user_to_blog() { if ( is_object( $blog ) ) { wp_redirect( get_admin_url( $blog->blog_id, '?c=' . $c ) ); // redirect and count to 5, "just in case" - exit; } else { wp_redirect( user_admin_url( '?c=' . $c ) ); // redirect and count to 5, "just in case" } - - wp_die( __( 'You do not have sufficient permissions to access this page.' ) ); + exit; } add_action( 'admin_page_access_denied', 'redirect_user_to_blog', 99 ); diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php index 95223a9b2c..5f02cd1b5e 100644 --- a/wp-admin/link-manager.php +++ b/wp-admin/link-manager.php @@ -29,6 +29,7 @@ if ( $doaction && isset( $_REQUEST['linkcheck'] ) ) { } wp_redirect( add_query_arg('deleted', count( $bulklinks ), admin_url( 'link-manager.php' ) ) ); + exit; } } elseif ( ! empty( $_REQUEST['_wp_http_referer'] ) ) { wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) ); diff --git a/wp-admin/media-upload.php b/wp-admin/media-upload.php index 4a15cc30d5..19eda09652 100644 --- a/wp-admin/media-upload.php +++ b/wp-admin/media-upload.php @@ -55,6 +55,7 @@ if ( isset($_GET['inline']) ) { $location .= '?message=3'; wp_redirect( admin_url($location) ); + exit; } $title = __('Upload New Media'); diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php index 31559c9763..dc705b63a1 100644 --- a/wp-admin/moderation.php +++ b/wp-admin/moderation.php @@ -9,4 +9,5 @@ */ require_once('../wp-load.php'); wp_redirect( admin_url('edit-comments.php?comment_status=moderated') ); +exit; ?> diff --git a/wp-admin/ms-admin.php b/wp-admin/ms-admin.php index b302bbf855..5ebb14c24b 100644 --- a/wp-admin/ms-admin.php +++ b/wp-admin/ms-admin.php @@ -9,4 +9,6 @@ require_once( './admin.php' ); -wp_redirect( network_admin_url() ); \ No newline at end of file +wp_redirect( network_admin_url() ); +exit; +?> diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php index e4aecab759..6c0e04fe5d 100644 --- a/wp-admin/ms-edit.php +++ b/wp-admin/ms-edit.php @@ -9,4 +9,6 @@ require_once( './admin.php' ); -wp_redirect( network_admin_url() ); \ No newline at end of file +wp_redirect( network_admin_url() ); +exit; +?> diff --git a/wp-admin/ms-sites.php b/wp-admin/ms-sites.php index 119b030955..9b788e3c97 100644 --- a/wp-admin/ms-sites.php +++ b/wp-admin/ms-sites.php @@ -9,4 +9,7 @@ require_once( './admin.php' ); -wp_redirect( network_admin_url('sites.php') ); \ No newline at end of file +wp_redirect( network_admin_url('sites.php') ); +exit; + +?> diff --git a/wp-admin/ms-themes.php b/wp-admin/ms-themes.php index b7ad093bc4..ad54efe2e5 100644 --- a/wp-admin/ms-themes.php +++ b/wp-admin/ms-themes.php @@ -9,4 +9,6 @@ require_once( './admin.php' ); -wp_redirect( network_admin_url('themes.php') ); \ No newline at end of file +wp_redirect( network_admin_url('themes.php') ); +exit; +?> diff --git a/wp-admin/ms-upgrade-network.php b/wp-admin/ms-upgrade-network.php index 5e2ef281b4..0a4ea56ab1 100644 --- a/wp-admin/ms-upgrade-network.php +++ b/wp-admin/ms-upgrade-network.php @@ -9,4 +9,7 @@ require_once('admin.php'); -wp_redirect( network_admin_url('upgrade.php') ); \ No newline at end of file +wp_redirect( network_admin_url('upgrade.php') ); +exit; + +?> diff --git a/wp-admin/ms-users.php b/wp-admin/ms-users.php index 4fe48a552c..5b4f1c52b2 100644 --- a/wp-admin/ms-users.php +++ b/wp-admin/ms-users.php @@ -9,4 +9,6 @@ require_once( './admin.php' ); -wp_redirect( network_admin_url('users.php') ); \ No newline at end of file +wp_redirect( network_admin_url('users.php') ); +exit; +?> diff --git a/wp-admin/network/admin.php b/wp-admin/network/admin.php index 76a5715dd9..d4374de09e 100644 --- a/wp-admin/network/admin.php +++ b/wp-admin/network/admin.php @@ -15,7 +15,8 @@ require_once( dirname( dirname( __FILE__ ) ) . '/admin.php' ); if ( ! is_multisite() ) wp_die( __( 'Multisite support is not enabled.' ) ); -if ( ! is_main_site() ) +if ( ! is_main_site() ) { wp_redirect( network_admin_url() ); - + exit; +} ?> diff --git a/wp-admin/network/edit.php b/wp-admin/network/edit.php index 939139305d..8937ada651 100644 --- a/wp-admin/network/edit.php +++ b/wp-admin/network/edit.php @@ -13,8 +13,10 @@ require_once( './admin.php' ); if ( ! is_multisite() ) wp_die( __( 'Multisite support is not enabled.' ) ); -if ( empty( $_GET['action'] ) ) +if ( empty( $_GET['action'] ) ) { wp_redirect( admin_url( 'index.php' ) ); + exit; +} function confirm_delete_users( $users ) { $current_user = wp_get_current_user(); diff --git a/wp-admin/network/site-info.php b/wp-admin/network/site-info.php index 4e7679005f..750c6c26dd 100644 --- a/wp-admin/network/site-info.php +++ b/wp-admin/network/site-info.php @@ -58,6 +58,7 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] ) { restore_current_blog(); wp_redirect( add_query_arg( array( 'update' => 'updated', 'id' => $id ), 'site-info.php') ); + exit; } if ( isset($_GET['update']) ) { diff --git a/wp-admin/network/site-options.php b/wp-admin/network/site-options.php index b1a3912cba..ca63beba14 100644 --- a/wp-admin/network/site-options.php +++ b/wp-admin/network/site-options.php @@ -48,6 +48,7 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_ar do_action( 'wpmu_update_blog_options' ); restore_current_blog(); wp_redirect( add_query_arg( array( 'update' => 'updated', 'id' => $id ), 'site-options.php') ); + exit; } if ( isset($_GET['update']) ) { @@ -131,4 +132,4 @@ if ( ! empty( $messages ) ) { time()) + (array)get_option('recently_activated')); wp_redirect(add_query_arg('_wpnonce', wp_create_nonce('edit-plugin-test_' . $file), "plugin-editor.php?file=$file&liveupdate=1&scrollto=$scrollto&networkwide=" . $network_wide)); - exit; } wp_redirect( self_admin_url("plugin-editor.php?file=$file&a=te&scrollto=$scrollto") ); } else { diff --git a/wp-admin/post.php b/wp-admin/post.php index 146698420b..883ec3f4c3 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -85,6 +85,7 @@ function redirect_post($post_id = '') { } wp_redirect( apply_filters( 'redirect_post_location', $location, $post_id ) ); + exit; } if ( isset( $_POST['deletepost'] ) ) @@ -265,7 +266,7 @@ case 'preview': break; default: - wp_redirect( admin_url('edit.php') ); + wp_redirect( admin_url('edit.php') ); exit(); break; } // end switch diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php index 1f8cc200e5..4921b6f223 100644 --- a/wp-admin/update-core.php +++ b/wp-admin/update-core.php @@ -366,6 +366,7 @@ function do_dismiss_core_update() { return; dismiss_core_update( $update ); wp_redirect( wp_nonce_url('update-core.php?action=upgrade-core', 'upgrade-core') ); + exit; } function do_undismiss_core_update() { @@ -376,6 +377,7 @@ function do_undismiss_core_update() { return; undismiss_core_update( $version, $locale ); wp_redirect( wp_nonce_url('update-core.php?action=upgrade-core', 'upgrade-core') ); + exit; } function no_update_actions($actions) { diff --git a/wp-admin/user/admin.php b/wp-admin/user/admin.php index 196495d207..7315ea6306 100644 --- a/wp-admin/user/admin.php +++ b/wp-admin/user/admin.php @@ -11,7 +11,8 @@ define('WP_USER_ADMIN', TRUE); require_once( dirname(dirname(__FILE__)) . '/admin.php'); -if ( ! is_main_site() ) +if ( ! is_main_site() ) { wp_redirect( user_admin_url() ); - + exit; +} ?> diff --git a/wp-atom.php b/wp-atom.php index f7221f3fe8..a83ac7db1d 100644 --- a/wp-atom.php +++ b/wp-atom.php @@ -8,5 +8,5 @@ require( './wp-load.php' ); wp_redirect( get_bloginfo( 'atom_url' ), 301 ); - -?> \ No newline at end of file +exit; +?> diff --git a/wp-comments-post.php b/wp-comments-post.php index e2e12f76cb..9c17a355b2 100644 --- a/wp-comments-post.php +++ b/wp-comments-post.php @@ -101,5 +101,5 @@ $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POS $location = apply_filters('comment_post_redirect', $location, $comment); wp_redirect($location); - +exit; ?> diff --git a/wp-commentsrss2.php b/wp-commentsrss2.php index 1c146b1472..280766ed46 100644 --- a/wp-commentsrss2.php +++ b/wp-commentsrss2.php @@ -8,5 +8,5 @@ require( './wp-load.php' ); wp_redirect( get_bloginfo( 'comments_rss2_url' ), 301 ); - -?> \ No newline at end of file +exit; +?> diff --git a/wp-feed.php b/wp-feed.php index 24cd8d6721..afce8cd4c2 100644 --- a/wp-feed.php +++ b/wp-feed.php @@ -8,5 +8,5 @@ require( './wp-load.php' ); wp_redirect( get_bloginfo( get_default_feed() . '_url' ), 301 ); - -?> \ No newline at end of file +exit; +?> diff --git a/wp-pass.php b/wp-pass.php index 0ad6e5ea4e..c0c0c42a3e 100644 --- a/wp-pass.php +++ b/wp-pass.php @@ -16,4 +16,5 @@ if ( get_magic_quotes_gpc() ) setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH); wp_safe_redirect(wp_get_referer()); -?> \ No newline at end of file +exit; +?> diff --git a/wp-rdf.php b/wp-rdf.php index 3c8f005ff9..cc94ad067c 100644 --- a/wp-rdf.php +++ b/wp-rdf.php @@ -8,5 +8,5 @@ require( './wp-load.php' ); wp_redirect( get_bloginfo( 'rdf_url' ), 301 ); - -?> \ No newline at end of file +exit; +?> diff --git a/wp-register.php b/wp-register.php index 4318cf127f..0b1a769764 100644 --- a/wp-register.php +++ b/wp-register.php @@ -11,5 +11,5 @@ require('./wp-load.php'); wp_redirect( site_url('wp-login.php?action=register') ); - -?> \ No newline at end of file +exit; +?> diff --git a/wp-rss.php b/wp-rss.php index 0ae63a2380..af2427ad5c 100644 --- a/wp-rss.php +++ b/wp-rss.php @@ -8,5 +8,5 @@ require( './wp-load.php' ); wp_redirect( get_bloginfo( 'rss_url' ), 301 ); - -?> \ No newline at end of file +exit; +?> diff --git a/wp-rss2.php b/wp-rss2.php index 78daa6d226..de75c2398e 100644 --- a/wp-rss2.php +++ b/wp-rss2.php @@ -8,5 +8,5 @@ require( './wp-load.php' ); wp_redirect( get_bloginfo( 'rss2_url' ), 301 ); - -?> \ No newline at end of file +exit; +?>