Ticket #2800: 2800.diff

functions.php

@@ -1051 +1051 @@
         echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
 }
 
+function wp_nonce_field($action = -1) {
+        echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
+        wp_referer_field();
+}
+
+function wp_referer_field() {
+        echo '<input type="hidden" name="_wphttp_referer" value="'. wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+}
+
 function wp_mkdir_p($target) {
         // from php.net/mkdir user contributed notes
         if (file_exists($target)) {

pluggable-functions.php

@@ -231 +231 @@
 function check_admin_referer($action = -1) {
         global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
         $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
-        $referer = strtolower($_SERVER['HTTP_REFERER']);
+        $referer = (empty($_POST['_wphttp_referer'])) ? strtolower($_SERVER['HTTP_REFERER']) : strtolower($_POST['wp_http_referer']);
         if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
                 !(-1 == $action && strstr($referer, $adminurl)) ) {
                 if ( $referer )