From d7640f25360c0bf746dda04aabea4c217b344fa1 Mon Sep 17 00:00:00 2001 From: Dominik Schilling Date: Tue, 3 Apr 2018 15:30:06 +0000 Subject: [PATCH] Login: Use `wp_safe_redirect()` when redirecting the login page if forced to use HTTPS. Merge of [42892] to the 4.7 branch. Built from https://develop.svn.wordpress.org/branches/4.7@42897 git-svn-id: http://core.svn.wordpress.org/branches/4.7@42727 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-login.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wp-login.php b/wp-login.php index 4e189d86b0..aede58d445 100644 --- a/wp-login.php +++ b/wp-login.php @@ -14,10 +14,10 @@ require( dirname(__FILE__) . '/wp-load.php' ); // Redirect to https login if forced to use SSL if ( force_ssl_admin() && ! is_ssl() ) { if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { - wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); + wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); exit(); } else { - wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); + wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit(); } }