diff --git wp-includes/pluggable.php wp-includes/pluggable.php
index d58f189..7410233 100644
|
|
|
if ( !function_exists('wp_validate_redirect') ) : |
| 1321 | 1321 | function wp_validate_redirect($location, $default = '') { |
| 1322 | 1322 | $location = trim( $location ); |
| 1323 | 1323 | // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//' |
| 1324 | | if ( substr($location, 0, 2) == '//' ) |
| | 1324 | if ( substr($location, 0, 2) == '//' ) { |
| 1325 | 1325 | $location = 'http:' . $location; |
| | 1326 | } |
| 1326 | 1327 | |
| 1327 | 1328 | // In php 5 parse_url may fail if the URL query part contains http://, bug #38143 |
| 1328 | 1329 | $test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location; |
| … |
… |
function wp_validate_redirect($location, $default = '') { |
| 1330 | 1331 | $lp = parse_url($test); |
| 1331 | 1332 | |
| 1332 | 1333 | // Give up if malformed URL |
| 1333 | | if ( false === $lp ) |
| | 1334 | if ( false === $lp ) { |
| 1334 | 1335 | return $default; |
| | 1336 | } |
| 1335 | 1337 | |
| 1336 | 1338 | // Allow only http and https schemes. No data:, etc. |
| 1337 | | if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) ) |
| | 1339 | if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) ) { |
| 1338 | 1340 | return $default; |
| | 1341 | } |
| 1339 | 1342 | |
| 1340 | 1343 | // Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field. |
| 1341 | | if ( isset($lp['scheme']) && !isset($lp['host']) ) |
| | 1344 | if ( isset($lp['scheme']) && !isset($lp['host']) ) { |
| 1342 | 1345 | return $default; |
| | 1346 | } |
| 1343 | 1347 | |
| 1344 | | $wpp = parse_url(home_url()); |
| | 1348 | $home = parse_url(home_url()); |
| | 1349 | $site = parse_url(site_url()); |
| 1345 | 1350 | |
| 1346 | 1351 | /** |
| 1347 | 1352 | * Filter the whitelist of hosts to redirect to. |
| … |
… |
function wp_validate_redirect($location, $default = '') { |
| 1351 | 1356 | * @param array $hosts An array of allowed hosts. |
| 1352 | 1357 | * @param bool|string $host The parsed host; empty if not isset. |
| 1353 | 1358 | */ |
| 1354 | | $allowed_hosts = (array) apply_filters( 'allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '' ); |
| | 1359 | $allowed_hosts = (array) apply_filters( 'allowed_redirect_hosts', array( $home['host'], $site['host'] ), isset( $lp['host'] ) ? $lp['host'] : '' ); |
| 1355 | 1360 | |
| 1356 | | if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) ) |
| | 1361 | if ( isset( $lp['host'] ) && ( !in_array( $lp['host'], $allowed_hosts ) && ( $lp['host'] != strtolower( $home['host'] ) || $lp['host'] != strtolower( $site['host'] ) ) ) ) { |
| 1357 | 1362 | $location = $default; |
| | 1363 | } |
| 1358 | 1364 | |
| 1359 | 1365 | return $location; |
| 1360 | 1366 | } |