Validate referrers to prevent off-domain redirects.

Built from https://develop.svn.wordpress.org/trunk@25318 git-svn-id: http://core.svn.wordpress.org/trunk@25280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 18:07:10 +00:00 · 2013-09-10 18:07:10 +00:00 · cf3fddde96
parent c8a7b53c65
commit cf3fddde96
2 changed files with 3 additions and 2 deletions
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@ -1296,7 +1296,7 @@ function wp_get_referer() {
 		$ref = wp_unslash( $_SERVER['HTTP_REFERER'] );

 	if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
-		return wp_unslash( $ref );
+		return wp_validate_redirect( $ref, false );
 	return false;
 }

@ -1311,7 +1311,7 @@ function wp_get_referer() {
 */
 function wp_get_original_referer() {
 	if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
-		return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
+		return wp_validate_redirect( wp_unslash( $_REQUEST['_wp_original_http_referer'] ), false );
 	return false;
 }

--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -964,6 +964,7 @@ if ( !function_exists('wp_validate_redirect') ) :
 * @return string redirect-sanitized URL
 **/
 function wp_validate_redirect($location, $default = '') {
+	$location = trim( $location );
 	// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
 	if ( substr($location, 0, 2) == '//' )
 		$location = 'http:' . $location;