Make WordPress Core

Ticket #27152: 27152.3.diff

File 27152.3.diff, 2.8 KB (added by swissspidy, 8 years ago)
  • src/wp-includes/functions.php

    diff --git src/wp-includes/functions.php src/wp-includes/functions.php
    index 6dbc510..16caa5b 100644
    function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) { 
    15171517 * @return false|string False on failure. Referer URL on success.
    15181518 */
    15191519function wp_get_referer() {
    1520         if ( ! function_exists( 'wp_validate_redirect' ) )
     1520        if ( ! function_exists( 'wp_validate_redirect' ) ) {
    15211521                return false;
    1522         $ref = false;
    1523         if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
    1524                 $ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
    1525         elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) )
    1526                 $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
     1522        }
     1523
     1524        $ref = wp_get_raw_referer();
    15271525
    15281526        if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) && $ref !== home_url() . wp_unslash( $_SERVER['REQUEST_URI'] ) ) {
    15291527                return wp_validate_redirect( $ref, false );
    function wp_get_referer() { 
    15331531}
    15341532
    15351533/**
     1534 * Retrieve unvalidated referer from '_wp_http_referer' or HTTP referer.
     1535 *
     1536 * @since 4.5.0
     1537 *
     1538 * @return string|bool Referer URL on success, false on failure.
     1539 */
     1540function wp_get_raw_referer() {
     1541        if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
     1542                return wp_unslash( $_REQUEST['_wp_http_referer'] );
     1543        } else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
     1544                return wp_unslash( $_SERVER['HTTP_REFERER'] );
     1545        }
     1546
     1547        return false;
     1548}
     1549
     1550/**
    15361551 * Retrieve original referer that was posted, if it exists.
    15371552 *
    15381553 * @since 2.0.4
  • tests/phpunit/tests/functions/referer.php

    diff --git tests/phpunit/tests/functions/referer.php tests/phpunit/tests/functions/referer.php
    index 053e578..ba5779a 100644
    class Tests_Functions_Referer extends WP_UnitTestCase { 
    122122                $this->assertSame( 'http://another.example.org/test.php?id=123', wp_get_referer() );
    123123                remove_filter( 'allowed_redirect_hosts', array( $this, 'filter_allowed_redirect_hosts' ) );
    124124        }
     125
     126        /**
     127         * @ticket 27152
     128         */
     129        public function test_raw_referer_empty(  ) {
     130                $this->assertFalse( wp_get_raw_referer() );
     131        }
     132
     133        /**
     134         * @ticket 27152
     135         */
     136        public function test_raw_referer(  ) {
     137                $_SERVER['HTTP_REFERER'] = addslashes( 'http://example.com/foo?bar' );
     138                $this->assertSame( 'http://example.com/foo?bar', wp_get_raw_referer() );
     139        }
     140
     141        /**
     142         * @ticket 27152
     143         */
     144        public function test_raw_referer_from_request(  ) {
     145                $_REQUEST['_wp_http_referer'] = addslashes( 'http://foo.bar/baz' );
     146                $this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() );
     147        }
     148
     149        /**
     150         * @ticket 27152
     151         */
     152        public function test_raw_referer_both(  ) {
     153                $_SERVER['HTTP_REFERER'] = addslashes( 'http://example.com/foo?bar' );
     154                $_REQUEST['_wp_http_referer'] = addslashes( 'http://foo.bar/baz' );
     155                $this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() );
     156        }
    125157}