From cf3fddde96569e340038bba0723bb557b99df1eb Mon Sep 17 00:00:00 2001
From: Andrew Nacin <wp@andrewnacin.com>
Date: Tue, 10 Sep 2013 18:07:10 +0000
Subject: [PATCH] Validate referrers to prevent off-domain redirects.

Built from https://develop.svn.wordpress.org/trunk@25318


git-svn-id: http://core.svn.wordpress.org/trunk@25280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/functions.php | 4 ++--
 wp-includes/pluggable.php | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index c6ce697fb1..7406286533 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1296,7 +1296,7 @@ function wp_get_referer() {
 		$ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
 
 	if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
-		return wp_unslash( $ref );
+		return wp_validate_redirect( $ref, false );
 	return false;
 }
 
@@ -1311,7 +1311,7 @@ function wp_get_referer() {
  */
 function wp_get_original_referer() {
 	if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
-		return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
+		return wp_validate_redirect( wp_unslash( $_REQUEST['_wp_original_http_referer'] ), false );
 	return false;
 }
 
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 2e82e7bdce..b59c81fed9 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -964,6 +964,7 @@ if ( !function_exists('wp_validate_redirect') ) :
  * @return string redirect-sanitized URL
  **/
 function wp_validate_redirect($location, $default = '') {
+	$location = trim( $location );
 	// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
 	if ( substr($location, 0, 2) == '//' )
 		$location = 'http:' . $location;