WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create wp_validate_redirect(), have the upgrade done link use it. props Westi. fixes #10193 for 2.8.1 

git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@11611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2009-06-19 19:31:17 +00:00
parent d79197327d
commit fc904b8997
2 changed files with 32 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-admin/upgrade.php
View File

@ -69,12 +69,10 @@ switch ( $step ) :
case 1: case 1:
wp_upgrade(); wp_upgrade();
if ( empty( $_GET['backto'] ) ) $backto = empty($_GET['backto']) ? '' : $_GET['backto'] ;
$backto = __get_option( 'home' ) . '/'; $backto = stripslashes( urldecode( $backto ) );
else {
$backto = stripslashes( urldecode( $_GET['backto'] ) );
$backto = esc_url_raw( $backto ); $backto = esc_url_raw( $backto );
} $backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
?> ?>
<h2><?php _e( 'Upgrade Complete' ); ?></h2> <h2><?php _e( 'Upgrade Complete' ); ?></h2>
<p><?php _e( 'Your WordPress database has been successfully upgraded!' ); ?></p> <p><?php _e( 'Your WordPress database has been successfully upgraded!' ); ?></p>

32
wp-includes/pluggable.php
View File

@ -908,8 +908,7 @@ if ( !function_exists('wp_safe_redirect') ) :
* but only used in a few places. * but only used in a few places.
* *
* @since 2.3 * @since 2.3
* @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing * @uses wp_validate_redirect() To validate the redirect is to an allowed host.
* WordPress host string and $location host string.
* *
* @return void Does not return anything * @return void Does not return anything
**/ **/
@ -918,6 +917,31 @@ function wp_safe_redirect($location, $status = 302) {
// Need to look at the URL the way it will end up in wp_redirect() // Need to look at the URL the way it will end up in wp_redirect()
$location = wp_sanitize_redirect($location); $location = wp_sanitize_redirect($location);
$location = wp_validate_redirect($location, admin_url());
wp_redirect($location, $status);
}
endif;
if ( !function_exists('wp_validate_redirect') ) :
/**
* Validates a URL for use in a redirect.
*
* Checks whether the $location is using an allowed host, if it has an absolute
* path. A plugin can therefore set or remove allowed host(s) to or from the
* list.
*
* If the host is not allowed, then the redirect is to $default supplied
*
* @since 2.8.1
* @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
* WordPress host string and $location host string.
*
* @param string $location The redirect to validate
* @param string $default The value to return is $location is not allowed
* @return string redirect-sanitized URL
**/
function wp_validate_redirect($location, $default = '') {
// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//' // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
if ( substr($location, 0, 2) == '//' ) if ( substr($location, 0, 2) == '//' )
$location = 'http:' . $location; $location = 'http:' . $location;
@ -931,9 +955,9 @@ function wp_safe_redirect($location, $status = 302) {
$allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : ''); $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');
if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) ) if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
$location = admin_url(); $location = $default;
wp_redirect($location, $status); return $location;
} }
endif; endif;