Improve URL validation in `wp_validate_redirect()`.
Props vortfu, whyisjake, peterwilsoncc. Built from https://develop.svn.wordpress.org/trunk@45971 git-svn-id: http://core.svn.wordpress.org/trunk@45782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov
parent
187d747198
commit
c86ee39ff4
|
|
@ -1407,6 +1407,14 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
|
||||||
return $default;
|
return $default;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) {
|
||||||
|
$path = '';
|
||||||
|
if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
|
||||||
|
$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
|
||||||
|
}
|
||||||
|
$location = '/' . ltrim( $path . '/', '/' ) . $location;
|
||||||
|
}
|
||||||
|
|
||||||
// Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
|
// Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
|
||||||
if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
|
if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
|
||||||
return $default;
|
return $default;
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '5.3-alpha-45964';
|
$wp_version = '5.3-alpha-45971';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue