
Ticket #27152: 27152.4.diff

File 27152.4.diff, 3.4 KB (added by swissspidy, 9 years ago)
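--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -1517,13 +1517,11 @@ function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
  * @return false|string False on failure. Referer URL on success.
  */
 function wp_get_referer() {
-        if ( ! function_exists( 'wp_validate_redirect' ) )
+        if ( ! function_exists( 'wp_validate_redirect' ) ) {
                 return false;
-        $ref = false;
-        if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
-                $ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
-        elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) )
-                $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
+        }
+
+        $ref = wp_get_raw_referer();
 
         if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) && $ref !== home_url() . wp_unslash( $_SERVER['REQUEST_URI'] ) ) {
                 return wp_validate_redirect( $ref, false );
@@ -1533,6 +1531,25 @@ function wp_get_referer() {
 }
 
 /**
+ * Retrieve unvalidated referer from '_wp_http_referer' or HTTP referer.
+ *
+ * Do not use for redirects, use wp_get_referer() instead.
+ *
+ * @since 4.5.0
+ *
+ * @return string|bool Referer URL on success, false on failure.
+ */
+function wp_get_raw_referer() {
+        if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
+                return wp_unslash( $_REQUEST['_wp_http_referer'] );
+        } else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
+                return wp_unslash( $_SERVER['HTTP_REFERER'] );
+        }
+
+        return false;
+}
+
+/**
  * Retrieve original referer that was posted, if it exists.
  *
  * @since 2.0.4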
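Review bot: wp_get_raw_referer() returns whatever `wp_unslash()` produces, so a request that submits `_wp_http_referer` as an array would presumably make this new public function return an array although its docblock promises `string|bool`; wp_unslash() is not shown on this page, so confirm how it treats non-scalars. Guarding the first branch with `if ( ! empty( $_REQUEST['_wp_http_referer'] ) && is_string( $_REQUEST['_wp_http_referer'] ) ) {` keeps the documented contract and stops a non-string from reaching the `!==` comparisons and wp_validate_redirect() in wp_get_referer(). The docblock warns only about redirects; because both sources are request-controlled it should also tell callers to escape the value before output, for example `* The value comes from the request as-is and must be escaped before it is output.` The `else if` would read `elseif` to match the branch that the first hunk removes.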
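--- a/tests/phpunit/tests/functions/referer.php
+++ b/tests/phpunit/tests/functions/referer.php
@@ -6,21 +6,12 @@
  * @group functions.php
  */
 class Tests_Functions_Referer extends WP_UnitTestCase {
-        private $request = array();
-        private $server = array();
-
         public function setUp() {
                 parent::setUp();
 
-                $this->server  = $_SERVER;
-                $this->request = $_REQUEST;
-        }
-
-        public function tearDown() {
-                parent::tearDown();
-
-                $_SERVER  = $this->server;
-                $_REQUEST = $this->request;
+                $_SERVER['HTTP_REFERER']      = '';
+                $_SERVER['REQUEST_URI']       = '';
+                $_REQUEST['_wp_http_referer'] = '';
         }
 
         public function _fake_subfolder_install() {
@@ -122,4 +113,36 @@ class Tests_Functions_Referer extends WP_UnitTestCase {
                 $this->assertSame( 'http://another.example.org/test.php?id=123', wp_get_referer() );
                 remove_filter( 'allowed_redirect_hosts', array( $this, 'filter_allowed_redirect_hosts' ) );
         }
+
+        /**
+         * @ticket 27152
+         */
+        public function test_raw_referer_empty(  ) {
+                $this->assertFalse( wp_get_raw_referer() );
+        }
+
+        /**
+         * @ticket 27152
+         */
+        public function test_raw_referer(  ) {
+                $_SERVER['HTTP_REFERER'] = addslashes( 'http://example.com/foo?bar' );
+                $this->assertSame( 'http://example.com/foo?bar', wp_get_raw_referer() );
+        }
+
+        /**
+         * @ticket 27152
+         */
+        public function test_raw_referer_from_request(  ) {
+                $_REQUEST['_wp_http_referer'] = addslashes( 'http://foo.bar/baz' );
+                $this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() );
+        }
+
+        /**
+         * @ticket 27152
+         */
+        public function test_raw_referer_both(  ) {
+                $_SERVER['HTTP_REFERER'] = addslashes( 'http://example.com/foo?bar' );
+                $_REQUEST['_wp_http_referer'] = addslashes( 'http://foo.bar/baz' );
+                $this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() );
+        }
 }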
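Review bot: The rewritten setUp() overwrites `$_SERVER['HTTP_REFERER']`, `$_SERVER['REQUEST_URI']` and `$_REQUEST['_wp_http_referer']`, while the same hunk drops the tearDown() that restored the saved superglobals. Unless WP_UnitTestCase restores them itself (not visible on this page), whatever the last test wrote leaks into later test classes. Keeping a tearDown() that restores or unsets those three keys would preserve isolation. The new tests cover the empty, header, request and precedence cases, but none covers a non-string `_wp_http_referer`, which is worth pinning because wp_get_raw_referer() passes request data through without validation. The class body continues outside both hunks.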