Ticket #27152: 27152.4.diff

src/wp-includes/functions.php

@@ -1517 +1517 @@
  * @return false|string False on failure. Referer URL on success.
  */
 function wp_get_referer() {
-        if ( ! function_exists( 'wp_validate_redirect' ) )
+        if ( ! function_exists( 'wp_validate_redirect' ) ) {
                 return false;
-        $ref = false;
-        if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
-                $ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
-        elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) )
-                $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
+        }
+
+        $ref = wp_get_raw_referer();
 
         if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) && $ref !== home_url() . wp_unslash( $_SERVER['REQUEST_URI'] ) ) {
                 return wp_validate_redirect( $ref, false );
@@ -1533 +1531 @@
 }
 
 /**
+ * Retrieve unvalidated referer from '_wp_http_referer' or HTTP referer.
+ *
+ * Do not use for redirects, use wp_get_referer() instead.
+ *
+ * @since 4.5.0
+ *
+ * @return string|bool Referer URL on success, false on failure.
+ */
+function wp_get_raw_referer() {
+        if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
+                return wp_unslash( $_REQUEST['_wp_http_referer'] );
+        } else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
+                return wp_unslash( $_SERVER['HTTP_REFERER'] );
+        }
+
+        return false;
+}
+
+/**
  * Retrieve original referer that was posted, if it exists.
  *
  * @since 2.0.4

tests/phpunit/tests/functions/referer.php

@@ -6 +6 @@
  * @group functions.php
  */
 class Tests_Functions_Referer extends WP_UnitTestCase {
-        private $request = array();
-        private $server = array();
-
         public function setUp() {
                 parent::setUp();
 
-                $this->server  = $_SERVER;
-                $this->request = $_REQUEST;
-        }
-
-        public function tearDown() {
-                parent::tearDown();
-
-                $_SERVER  = $this->server;
-                $_REQUEST = $this->request;
+                $_SERVER['HTTP_REFERER']      = '';
+                $_SERVER['REQUEST_URI']       = '';
+                $_REQUEST['_wp_http_referer'] = '';
         }
 
         public function _fake_subfolder_install() {
@@ -122 +113 @@
                 $this->assertSame( 'http://another.example.org/test.php?id=123', wp_get_referer() );
                 remove_filter( 'allowed_redirect_hosts', array( $this, 'filter_allowed_redirect_hosts' ) );
         }
+
+        /**
+         * @ticket 27152
+         */
+        public function test_raw_referer_empty(  ) {
+                $this->assertFalse( wp_get_raw_referer() );
+        }
+
+        /**
+         * @ticket 27152
+         */
+        public function test_raw_referer(  ) {
+                $_SERVER['HTTP_REFERER'] = addslashes( 'http://example.com/foo?bar' );
+                $this->assertSame( 'http://example.com/foo?bar', wp_get_raw_referer() );
+        }
+
+        /**
+         * @ticket 27152
+         */
+        public function test_raw_referer_from_request(  ) {
+                $_REQUEST['_wp_http_referer'] = addslashes( 'http://foo.bar/baz' );
+                $this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() );
+        }
+
+        /**
+         * @ticket 27152
+         */
+        public function test_raw_referer_both(  ) {
+                $_SERVER['HTTP_REFERER'] = addslashes( 'http://example.com/foo?bar' );
+                $_REQUEST['_wp_http_referer'] = addslashes( 'http://foo.bar/baz' );
+                $this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() );
+        }
 }