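--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -1517,13 +1517,11 @@ function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
 * @return false|string False on failure. Referer URL on success.
 */
 function wp_get_referer() {
-if ( ! function_exists( 'wp_validate_redirect' ) )
+if ( ! function_exists( 'wp_validate_redirect' ) ) {
 return false;
-$ref = false;
-if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
-$ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
-elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) )
-$ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
+}
+
+$ref = wp_get_raw_referer();
 
 if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) && $ref !== home_url() . wp_unslash( $_SERVER['REQUEST_URI'] ) ) {
 return wp_validate_redirect( $ref, false );
@@ -1533,6 +1531,23 @@ function wp_get_referer() {
 }
 
 /**
+* Retrieve unvalidated referer from '_wp_http_referer' or HTTP referer.
+*
+* @since 4.5.0
+*
+* @return string|bool Referer URL on success, false on failure.
+*/
+function wp_get_raw_referer() {
+if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
+return wp_unslash( $_REQUEST['_wp_http_referer'] );
+} else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
+return wp_unslash( $_SERVER['HTTP_REFERER'] );
+}
+
+return false;
+}
+
+/**
 * Retrieve original referer that was posted, if it exists.
 *
 * @since 2.0.4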
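Review bot: The docblock for `wp_get_raw_referer()` calls the value "unvalidated" but does not tell callers what follows from that: it is taken directly from `$_REQUEST['_wp_http_referer']` or the Referer header, both controlled by the request, and unlike `wp_get_referer()` it never passes through `wp_validate_redirect()`. I would add a line such as `* Do not use for redirects, use wp_get_referer() instead.` and state that the result must be escaped for its output context before it is printed. The return tag would be more precise as `@return string|false`; and because a request parameter can arrive as an array, an `is_string()` check ahead of `wp_unslash()` would keep that documented type true (wp_unslash() itself is not visible here, so this is inferred).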
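--- a/tests/phpunit/tests/functions/referer.php
+++ b/tests/phpunit/tests/functions/referer.php
@@ -122,4 +122,36 @@ class Tests_Functions_Referer extends WP_UnitTestCase {
 $this->assertSame( 'http://another.example.org/test.php?id=123', wp_get_referer() );
 remove_filter( 'allowed_redirect_hosts', array( $this, 'filter_allowed_redirect_hosts' ) );
 }
+
+/**
+* @ticket 27152
+*/
+public function test_raw_referer_empty( ) {
+$this->assertFalse( wp_get_raw_referer() );
+}
+
+/**
+* @ticket 27152
+*/
+public function test_raw_referer( ) {
+$_SERVER['HTTP_REFERER'] = addslashes( 'http://example.com/foo?bar' );
+$this->assertSame( 'http://example.com/foo?bar', wp_get_raw_referer() );
+}
+
+/**
+* @ticket 27152
+*/
+public function test_raw_referer_from_request( ) {
+$_REQUEST['_wp_http_referer'] = addslashes( 'http://foo.bar/baz' );
+$this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() );
+}
+
+/**
+* @ticket 27152
+*/
+public function test_raw_referer_both( ) {
+$_SERVER['HTTP_REFERER'] = addslashes( 'http://example.com/foo?bar' );
+$_REQUEST['_wp_http_referer'] = addslashes( 'http://foo.bar/baz' );
+$this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() );
+}
 }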
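Review bot: None of the new tests exercises the `wp_unslash()` call, because `addslashes()` leaves URLs such as `'http://example.com/foo?bar'` unchanged, so every assertion would still pass if the unslashing were removed from `wp_get_raw_referer()`. A fixture containing a quote or backslash, for example `addslashes( "http://example.com/foo?bar='baz'" )` (constructed sample) asserted against the unescaped string, would pin that behaviour. `test_raw_referer_empty()` also passes only when both superglobals are unset, so it relies on the class's set-up or tear-down, which is outside this hunk, resetting `$_SERVER['HTTP_REFERER']` and `$_REQUEST['_wp_http_referer']` after the tests that assign them. A case with a non-string `_wp_http_referer` would document what callers get back for malformed input.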