Ticket #32637: 32637.4.diff

File 32637.4.diff, 689 bytes (added by westonruter, 5 years ago)

Unslash HTTP_REFERER; use strpos() for starts-with, not contains. Remove whitespace errors.

  • src/wp-admin/customize.php

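diff --git src/wp-admin/customize.php src/wp-admin/customize.php
index 6ee2de0..3aaa932 100644
--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@@ -26,10 +26,13 @@ if ( $return ) {
 if ( ! $return ) {
         if ( $url ) {
                 $return = $url;
-        } elseif ( current_user_can( 'edit_theme_options' ) || current_user_can( 'switch_themes' ) ) {
-                $return = admin_url( 'themes.php' );
-        } else {
+        } elseif (
+                ( current_user_can( 'edit_theme_options' ) || current_user_can( 'switch_themes' ) ) ||
+                ( isset( $_SERVER['HTTP_REFERER'] ) && 0 === strpos( wp_unslash( $_SERVER['HTTP_REFERER'] ), admin_url() ) )
+        ) {
                 $return = admin_url();
+        } else {
+                $return = home_url();
         }
 }
 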
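Review bot: The new `elseif` condition reads `$_SERVER['HTTP_REFERER']`, a request header the client controls and that browsers or proxies may omit, and nothing in the hunk marks it as a hint only. As written the value is only compared against `admin_url()` and never assigned to `$return`, so it cannot become the return URL. A comment would keep a later edit from using it as the destination, e.g. `// Referer is client-supplied: use it only to choose between admin_url() and home_url(), never as the return URL.` The capability branch now also yields `admin_url()` where the removed line returned `admin_url( 'themes.php' )`, and the description does not say whether that change for users with `edit_theme_options` is intended. The code that sets `$return` and `$url` lies outside the hunk.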