diff --git a/wp-admin/categories.php b/wp-admin/categories.php index 87652c7a1b..90d92e4527 100644 --- a/wp-admin/categories.php +++ b/wp-admin/categories.php @@ -31,7 +31,7 @@ case 'addcat': wp_insert_category($_POST); - header('Location: categories.php?message=1#addcat'); + wp_redirect('categories.php?message=1#addcat'); break; case 'delete': @@ -52,7 +52,7 @@ case 'delete': wp_delete_category($cat_ID); - header('Location: categories.php?message=2'); + wp_redirect('categories.php?message=2'); break; @@ -74,7 +74,7 @@ case 'editedcat': wp_update_category($_POST); - header('Location: categories.php?message=3'); + wp_redirect('categories.php?message=3'); break; default: diff --git a/wp-admin/comment.php b/wp-admin/comment.php index df1379db53..06238b901d 100644 --- a/wp-admin/comment.php +++ b/wp-admin/comment.php @@ -118,9 +118,9 @@ case 'deletecomment': wp_delete_comment($comment->comment_ID); if ((wp_get_referer() != '') && (false == $noredir)) { - header('Location: ' . wp_get_referer()); + wp_redirect(wp_get_referer()); } else { - header('Location: '. get_settings('siteurl') .'/wp-admin/edit-comments.php'); + wp_redirect(get_settings('siteurl') .'/wp-admin/edit-comments.php'); } exit(); break; @@ -145,9 +145,9 @@ case 'unapprovecomment': wp_set_comment_status($comment->comment_ID, "hold"); if ((wp_get_referer() != "") && (false == $noredir)) { - header('Location: ' . wp_get_referer()); + wp_redirect(wp_get_referer()); } else { - header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments'); + wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments'); } exit(); break; 
@@ -176,9 +176,9 @@ case 'approvecomment': if ((wp_get_referer() != "") && (false == $noredir)) { - header('Location: ' . wp_get_referer()); + wp_redirect(wp_get_referer()); } else { - header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments'); + wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments'); } exit(); break; @@ -194,9 +194,9 @@ case 'editedcomment': $referredby = $_POST['referredby']; if (!empty($referredby)) { - header('Location: ' . $referredby); + wp_redirect($referredby); } else { - header ("Location: edit.php?p=$comment_post_ID&c=1#comments"); + wp_redirect("edit.php?p=$comment_post_ID&c=1#comments"); } break; diff --git a/wp-admin/import/blogger.php b/wp-admin/import/blogger.php index fecffbd4ac..1e467ad4bb 100644 --- a/wp-admin/import/blogger.php +++ b/wp-admin/import/blogger.php @@ -25,7 +25,7 @@ class Blogger_Import { // Deletes saved data and redirect. function restart() { delete_option('import-blogger'); - header("Location: admin.php?import=blogger"); + wp_redirect("admin.php?import=blogger"); die(); } @@ -213,7 +213,7 @@ class Blogger_Import { // Redirects to next step function do_next_step() { - header("Location: admin.php?import=blogger&noheader=true&blog={$_GET['blog']}"); + wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}"); die(); } @@ -273,7 +273,7 @@ class Blogger_Import { ); } update_option('import-blogger', $this->import); - header("Location: admin.php?import=blogger&noheader=true&step=1"); + wp_redirect("admin.php?import=blogger&noheader=true&step=1"); } die(); } diff --git a/wp-admin/inline-uploading.php b/wp-admin/inline-uploading.php index bc21d5f4c9..95ee59eb47 100644 --- a/wp-admin/inline-uploading.php +++ b/wp-admin/inline-uploading.php 
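Review bot: In the `editedcomment` hunk of wp-admin/comment.php the redirect target still comes straight from `$_POST['referredby']`, so the request decides the destination, including one on another host. Nothing in the visible lines limits it to this site; tightening the condition to `if ( !empty($referredby) && 0 === strpos($referredby, get_settings('siteurl') . '/') )` would send anything else to the existing `edit.php?p=$comment_post_ID&c=1#comments` fallback. Both branches also reach only `break;` with no `exit()` in the hunk, unlike the `deletecomment`, `unapprovecomment` and `approvecomment` cases. The case body starts above the hunk and may continue below it, so confirm nothing else runs after the redirect.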
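Review bot: `do_next_step()` in wp-admin/import/blogger.php interpolates `$_GET['blog']` into the redirect URL without encoding, so any `&`, `#` or whitespace in that value changes the URL the importer is sent to next. Encode it where the URL is built: `wp_redirect('admin.php?import=blogger&noheader=true&blog=' . urlencode($_GET['blog']));`. If the value is always a numeric index (not visible in this hunk), a cast to int would be stricter still.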
@@ -41,7 +41,7 @@ if ( !current_user_can('edit_post', (int) $attachment) ) wp_delete_attachment($attachment); -header("Location: " . basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start"); +wp_redirect(basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start"); die; case 'save': @@ -102,7 +102,7 @@ if ( preg_match('!^image/!', $attachment['post_mime_type']) ) { add_post_meta($id, '_wp_attachment_metadata', array()); } -header("Location: " . basename(__FILE__) . "?post=$post&all=$all&action=view&start=0"); +wp_redirect(basename(__FILE__) . "?post=$post&all=$all&action=view&start=0"); die(); case 'upload': @@ -141,7 +141,7 @@ if ( '' == $sort ) $attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_type = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A); if ( count($attachments) == 0 ) { - header("Location: " . basename(__FILE__) ."?post=$post&action=upload" ); + wp_redirect( basename(__FILE__) ."?post=$post&action=upload" ); die; } elseif ( count($attachments) > $num ) { $next = $start + count($attachments) - $num; diff --git a/wp-admin/link.php b/wp-admin/link.php index ae61da3de7..967a02cfc8 100644 --- a/wp-admin/link.php +++ b/wp-admin/link.php @@ -37,7 +37,7 @@ switch ($action) { //for each link id (in $linkcheck[]) change category to selected value if (count($linkcheck) == 0) { - header('Location: '.$this_file); + wp_redirect($this_file); exit; } @@ -49,7 +49,7 @@ switch ($action) { $deleted++; } - header("Location: $this_file?deleted=$deleted"); + wp_redirect("$this_file?deleted=$deleted"); break; case 'move' : 
@@ -61,14 +61,14 @@ switch ($action) { //for each link id (in $linkcheck[]) change category to selected value if (count($linkcheck) == 0) { - header('Location: '.$this_file); + wp_redirect($this_file); exit; } $all_links = join(',', $linkcheck); // should now have an array of links we can change //$q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)"); - header('Location: '.$this_file); + wp_redirect($this_file); break; case 'add' : @@ -76,7 +76,7 @@ switch ($action) { add_link(); - header('Location: '.wp_get_referer().'?added=true'); + wp_redirect(wp_get_referer().'?added=true'); break; case 'save' : diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php index 5839e6f37e..530a99ea40 100644 --- a/wp-admin/moderation.php +++ b/wp-admin/moderation.php @@ -70,7 +70,7 @@ case 'update': } $file = basename(__FILE__); - header("Location: $file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam"); + wp_redirect("$file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam"); exit(); break; diff --git a/wp-admin/page.php b/wp-admin/page.php index ff867c45b5..d23750a5a5 100644 --- a/wp-admin/page.php +++ b/wp-admin/page.php @@ -49,7 +49,7 @@ case 'post': if ( isset($_POST['save']) ) $location = "page.php?action=edit&post=$page_ID"; - header("Location: $location"); + wp_redirect($location); exit(); break; @@ -112,7 +112,7 @@ case 'editpost': } else { $location = 'page-new.php'; } - header ('Location: ' . $location); // Send user on their way while we keep working + wp_redirect($location); // Send user on their way while we keep working exit(); break; 
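Review bot: The `add` case in wp-admin/link.php builds its target by concatenating `'?added=true'` onto `wp_get_referer()`, which yields a malformed URL with two `?` whenever the referer already has a query string. `add_query_arg()`, which wp-admin/users.php already uses in this commit, merges the parameter correctly: `wp_redirect(add_query_arg('added', 'true', wp_get_referer()));`. The hunk also has no fallback for an empty referer; using `$this_file` in that case, as the neighbouring cases do, would keep the destination predictable.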
@@ -138,12 +138,12 @@ case 'delete': if (strstr($sendback, 'page.php')) $sendback = get_settings('siteurl') .'/wp-admin/page.php'; elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php'; $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback); - header ('Location: ' . $sendback); + wp_redirect($sendback); exit(); break; default: - header('Location: edit-pages.php'); + wp_redirect('edit-pages.php'); exit(); break; } // end switch diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php index daf5ac4d75..28f27693c0 100644 --- a/wp-admin/plugin-editor.php +++ b/wp-admin/plugin-editor.php @@ -44,9 +44,9 @@ case 'update': $f = fopen($real_file, 'w+'); fwrite($f, $newcontent); fclose($f); - header("Location: plugin-editor.php?file=$file&a=te"); + wp_redirect("plugin-editor.php?file=$file&a=te"); } else { - header("Location: plugin-editor.php?file=$file"); + wp_redirect("plugin-editor.php?file=$file"); } exit(); diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php index 9aa6c48c39..2018350cc4 100644 --- a/wp-admin/plugins.php +++ b/wp-admin/plugins.php @@ -12,14 +12,14 @@ if ( isset($_GET['action']) ) { include(ABSPATH . 'wp-content/plugins/' . trim( $_GET['plugin'] )); do_action('activate_' . trim( $_GET['plugin'] )); } - header('Location: plugins.php?activate=true'); + wp_redirect('plugins.php?activate=true'); } else if ('deactivate' == $_GET['action']) { check_admin_referer('deactivate-plugin_' . $_GET['plugin']); $current = get_settings('active_plugins'); array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu! update_option('active_plugins', $current); do_action('deactivate_' . trim( $_GET['plugin'] )); - header('Location: plugins.php?deactivate=true'); + wp_redirect('plugins.php?deactivate=true'); } exit; } diff --git a/wp-admin/post.php b/wp-admin/post.php index 84f318facb..6b5f692255 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php 
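Review bot: Both redirects in the `update` case of wp-admin/plugin-editor.php put `$file` into the query string unencoded. The wp-admin/templates.php and wp-admin/theme-editor.php hunks do the same, the latter with `$theme` as well. Where `$file` is assigned is outside the hunk, but if it comes from the request, a name containing `&`, `#` or a space will change the query the editor page receives after the save. `wp_redirect('plugin-editor.php?file=' . urlencode($file) . '&a=te');` keeps the value intact.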
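Review bot: The activate branch in wp-admin/plugins.php passes `trim( $_GET['plugin'] )` straight into `include()`, and nothing in the visible lines ties that value to an installed plugin or keeps the path inside `wp-content/plugins/`. The commit only changes the redirect, but a guard before the include is the more important fix here, for example `if ( !array_key_exists(trim($_GET['plugin']), get_plugins()) ) die(__('Invalid plugin.'));`. The branch starts above the hunk, so an equivalent check may already exist there; confirm it before merging.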
@@ -52,7 +52,7 @@ case 'post': if ( isset($_POST['save']) ) $location = "post.php?action=edit&post=$post_ID"; - header("Location: $location"); + wp_redirect($location); exit(); break; @@ -119,7 +119,7 @@ case 'editpost': $location = 'post-new.php'; } - header ('Location: ' . $location); // Send user on their way while we keep working + wp_redirect($location); // Send user on their way while we keep working exit(); break; @@ -145,12 +145,12 @@ case 'delete': if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post-new.php'; elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php'; $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback); - header ('Location: ' . $sendback); + wp_redirect($sendback); exit(); break; default: - header('Location: edit.php'); + wp_redirect('edit.php'); exit(); break; } // end switch diff --git a/wp-admin/templates.php b/wp-admin/templates.php index ab7837da1e..59667d3d0f 100644 --- a/wp-admin/templates.php +++ b/wp-admin/templates.php @@ -47,12 +47,12 @@ case 'update': if ( $f ) { fwrite($f, $newcontent); fclose($f); - header("Location: templates.php?file=$file&a=te"); + wp_redirect("templates.php?file=$file&a=te"); } else { - header("Location: templates.php?file=$file&a=err"); + wp_redirect("templates.php?file=$file&a=err"); } } else { - header("Location: templates.php?file=$file&a=err"); + wp_redirect("templates.php?file=$file&a=err"); } exit(); diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php index 46d5648999..4ec1994fdb 100644 --- a/wp-admin/theme-editor.php +++ b/wp-admin/theme-editor.php 
@@ -58,9 +58,9 @@ case 'update': $f = fopen($real_file, 'w+'); fwrite($f, $newcontent); fclose($f); - header("Location: theme-editor.php?file=$file&theme=$theme&a=te"); + wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te"); } else { - header("Location: theme-editor.php?file=$file&theme=$theme"); + wp_redirect("theme-editor.php?file=$file&theme=$theme"); } exit(); diff --git a/wp-admin/themes.php b/wp-admin/themes.php index 08eb90a54f..483f46f7a8 100644 --- a/wp-admin/themes.php +++ b/wp-admin/themes.php @@ -13,7 +13,7 @@ if ( isset($_GET['action']) ) { do_action('switch_theme', get_current_theme()); - header('Location: themes.php?activated=true'); + wp_redirect('themes.php?activated=true'); exit; } } diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php index f7ab8f7a21..086a1dc3a5 100644 --- a/wp-admin/user-edit.php +++ b/wp-admin/user-edit.php @@ -47,7 +47,7 @@ else if( !is_wp_error( $errors ) ) { $redirect = "user-edit.php?user_id=$user_id&updated=true"; $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect); - header("Location: $redirect"); + wp_redirect($redirect); exit; } diff --git a/wp-admin/users.php b/wp-admin/users.php index 4cef1f121d..c647ac0716 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -124,7 +124,7 @@ case 'promote': check_admin_referer('bulk-users'); if (empty($_POST['users'])) { - header('Location: ' . $redirect); + wp_redirect($redirect); } if ( !current_user_can('edit_users') ) @@ -145,7 +145,7 @@ case 'promote': $user->set_role($_POST['new_role']); } - header('Location: ' . add_query_arg('update', $update, $redirect)); + wp_redirect(add_query_arg('update', $update, $redirect)); break; @@ -154,7 +154,7 @@ case 'dodelete': check_admin_referer('delete-users'); if ( empty($_POST['users']) ) { - header('Location: ' . $redirect); + wp_redirect($redirect); } if ( !current_user_can('delete_users') ) 
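Review bot: In the `promote` case of wp-admin/users.php the empty-selection branch calls `wp_redirect($redirect);` and then carries on into the `current_user_can('edit_users')` check, because nothing in the hunk ends the request once the header is set. The `dodelete` hunk that follows and the `delete` hunk at -194 have the same shape. End the request right after each of these early redirects, as the other admin pages in this commit do: `wp_redirect($redirect); exit();`. The case bodies continue outside the hunks, so check that no later statement depends on falling through.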
@@ -185,7 +185,7 @@ case 'dodelete': $redirect = add_query_arg('delete_count', $delete_count, $redirect); - header('Location: ' . add_query_arg('update', $update, $redirect)); + wp_redirect(add_query_arg('update', $update, $redirect)); break; @@ -194,7 +194,7 @@ case 'delete': check_admin_referer('bulk-users'); if ( empty($_POST['users']) ) - header('Location: ' . $redirect); + wp_redirect($redirect); if ( !current_user_can('delete_users') ) $errors = new WP_Error('edit_users', __('You can’t delete users.')); @@ -261,7 +261,7 @@ case 'adduser': else { $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_POST['user_login']), true)); $redirect = add_query_arg('usersearch', $new_user_login, $redirect); - header('Location: ' . add_query_arg('update', $update, $redirect) . '#user-' . $user_id); + wp_redirect(add_query_arg('update', $update, $redirect) . '#user-' . $user_id); die(); } diff --git a/wp-content/themes/default/functions.php b/wp-content/themes/default/functions.php index 7917f013bf..0b2087233f 100644 --- a/wp-content/themes/default/functions.php +++ b/wp-content/themes/default/functions.php @@ -123,7 +123,7 @@ function kubrick_add_theme_page() { } } //print_r($_REQUEST); - header("Location: themes.php?page=functions.php&saved=true"); + wp_redirect("themes.php?page=functions.php&saved=true"); die; } add_action('admin_head', 'kubrick_theme_page_head'); diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 1f767e1d4c..46d26cf1b5 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -221,7 +221,7 @@ function auth_redirect() { (empty($_COOKIE[USER_COOKIE])) ) { nocache_headers(); - header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI'])); + wp_redirect(get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI'])); exit(); } } diff --git a/wp-login.php b/wp-login.php index 67df9c57be..ff80a77491 100644 
--- a/wp-login.php +++ b/wp-login.php @@ -30,7 +30,7 @@ case 'logout': $redirect_to = 'wp-login.php'; if ( isset($_REQUEST['redirect_to']) ) - $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_REQUEST['redirect_to']); + $redirect_to = $_REQUEST['redirect_to']; wp_redirect($redirect_to); exit(); @@ -173,7 +173,6 @@ default: $redirect_to = 'wp-admin/'; else $redirect_to = $_REQUEST['redirect_to']; - $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $redirect_to); if( $_POST ) { $user_login = $_POST['log']; @@ -240,7 +239,7 @@ if ( $error )
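Review bot: The `logout` hunk and the `default:` hunk at -173 in wp-login.php both drop the `preg_replace` character filter, so `$_REQUEST['redirect_to']` now reaches `wp_redirect()` unmodified. That is only safe if `wp_redirect()` itself strips CR/LF and other unexpected characters. Its body is not in the lines shown here (the wp-includes/pluggable.php hunk only changes `auth_redirect()`), so confirm the filter moved there. Neither the old filter nor the new code restricts the host, so the request can still pick an off-site destination after login or logout. A same-site check on `$redirect_to`, falling back to `wp-login.php` or `wp-admin/`, would cover that.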
- +