Index: wp-pass.php
===================================================================
--- wp-pass.php	(revision 5904)
+++ wp-pass.php	(working copy)
@@ -7,5 +7,18 @@
 // 10 days
 setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
 
-wp_redirect(wp_get_referer());
+
+/* 
+ * ensure to only redirect to pages on the same domain 
+ *
+ * @see #4606
+ */
+$redirect_url = wp_get_referer();
+$bloghome_url = get_option('home');
+
+if (substr($redirect_url, 0, strlen($bloghome_url)) != $bloghome_url) {
+	wp_die('Request Error. Please contact the Administrator.');
+} else {
+	wp_redirect($redirect_url);
+}
 ?>
\ No newline at end of file
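Review bot: The same-origin check on the `if (substr($redirect_url, 0, strlen($bloghome_url)) != $bloghome_url)` line is a raw string-prefix comparison with loose `!=`, so any referer whose text merely begins with the `home` option value passes — including a different host that has the blog's host as a prefix when `home` carries no trailing slash — which is not the "same domain" the comment above it promises. In the other direction, `wp_get_referer()` returning false (no Referer header, which browsers and proxies routinely strip) makes the prefix empty and sends a legitimate visitor to `wp_die`. Comparing the parsed host component case-insensitively with `!==` closes the prefix gap, and falling back to `$bloghome_url` when the referer is absent or foreign keeps the password form usable; whether that fallback should redirect home or keep the `wp_die` is a product decision, but the comparison itself should change either way. If `wp_get_referer()` can hand back a relative URL, `parse_url` yields no host and the code below treats that as foreign, which is the conservative outcome.
```php
$redirect_url = wp_get_referer();
$bloghome_url = get_option('home');

// Compare the host component, not a string prefix: a prefix test accepts any
// host that merely starts with the blog host, and an empty referer must not
// be treated as an error for the visitor.
$home_parts = parse_url($bloghome_url);
$ref_parts  = $redirect_url ? parse_url($redirect_url) : false;

$same_host = is_array($ref_parts)
	&& isset($ref_parts['host'], $home_parts['host'])
	&& strtolower($ref_parts['host']) === strtolower($home_parts['host']);

if ($same_host) {
	wp_redirect($redirect_url);
} else {
	wp_redirect($bloghome_url);
}
```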

