Ticket #17628: 17628.diff

wp-includes/functions.php

@@ -2038 +2038 @@
 }
 
 /**
- * Retrieve referer from '_wp_http_referer', HTTP referer, or current page respectively.
+ * Retrieve referer from '_wp_http_referer' or HTTP referer. If it's the same
+ * as the current request URL, will return false.
  *
  * @package WordPress
  * @subpackage Security
@@ -2047 +2048 @@
  * @return string|bool False on failure. Referer URL on success.
  */
 function wp_get_referer() {
-        $ref = '';
+        $ref = false;
         if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
                 $ref = $_REQUEST['_wp_http_referer'];
         else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
                 $ref = $_SERVER['HTTP_REFERER'];
 
-        if ( $ref !== $_SERVER['REQUEST_URI'] )
+        if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
                 return $ref;
         return false;
 }

wp-admin/post.php

@@ -94 +94 @@
         $action = 'preview';
 
 $sendback = wp_get_referer();
-if ( strpos($sendback, 'post.php') !== false || strpos($sendback, 'post-new.php') !== false ) {
+if ( !$sendback ||
+     strpos($sendback, 'post.php') !== false ||
+     strpos($sendback, 'post-new.php') !== false ) {
         $sendback = admin_url('edit.php');
         $sendback .= ( !empty( $post_type ) ) ? '?post_type=' . $post_type : '';
 } else {

wp-admin/edit.php

@@ -51 +51 @@
         check_admin_referer('bulk-posts');
 
         $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), wp_get_referer() );
+        if ( !$sendback )
+                $sendback = admin_url($parent_file);
         $sendback = add_query_arg( 'paged', $pagenum, $sendback );
         if ( strpos($sendback, 'post.php') !== false )
                 $sendback = admin_url($post_new_file);