
Ticket #7001: admin_ssl.3.diff

File admin_ssl.3.diff, 22.8 KB (added by ryan, 6 years ago)

More use of admin_url() and site_url()

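--- a/wp-login.php
+++ b/wp-login.php
@@ -137,7 +137,7 @@
         $message .= get_option('siteurl') . "\r\n\r\n";
         $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
         $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
-        $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n";
+        $message .= site_url("wp-login.php?action=rp&key=$key") . "\r\n";
 
         if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) )
                 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
@@ -174,7 +174,7 @@
         wp_set_password($new_pass, $user->ID);
         $message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
         $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
-        $message .= get_option('siteurl') . "/wp-login.php\r\n";
+        $message .= site_url('wp-login.php') . "\r\n";
 
         if (  !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) )
                 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
@@ -405,7 +405,7 @@
         if ( !is_wp_error($user) ) {
                 // If the user can't edit posts, send them to their profile.
                 if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
-                        $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
+                        $redirect_to = admin_url('profile.php');
                 wp_safe_redirect($redirect_to);
                 exit();
         }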
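Review bot: The password-reset link at new line 140 now takes its scheme from `site_url()`, which (as added in wp-includes/link-template.php by this patch) follows `is_ssl()` for the request that triggered the e-mail rather than the site's login policy. A reset requested over plain HTTP therefore mails an `http://` link carrying the reset key even when `FORCE_SSL_LOGIN` is defined. Consider passing the scheme explicitly, e.g. `site_url("wp-login.php?action=rp&key=$key", ( defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN ) ? 'https' : null)`; the same applies to the login link at new line 177. The enclosing functions start and end outside these hunks.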
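--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1765,4 +1765,7 @@
         return 0;
 }
 
+function is_ssl() {
+        return ( 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false;
+}
 ?>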
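Review bot: `is_ssl()` at new line 1769 indexes `$_SERVER['HTTPS']` without checking that it is set, so plain-HTTP requests on servers that omit the key raise an undefined-index notice, and servers that report HTTPS as `1` rather than `on` are treated as insecure. Because this function now decides which auth cookie is read and whether it is flagged secure, a wrong answer silently drops the session back to the non-secure cookie. Suggested body: `return isset($_SERVER['HTTPS']) && in_array(strtolower($_SERVER['HTTPS']), array('on', '1'));`. A short docblock stating that the result reflects only what the web server reports (a TLS-terminating proxy in front would need separate handling) would also help.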
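--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -306,7 +306,7 @@
                 return $image;
 
         if ( $icon && $src = wp_mime_type_icon($attachment_id) ) {
-                $icon_dir = apply_filters( 'icon_dir', ABSPATH . WPINC . '/images/crystal' );
+                $icon_dir = apply_filters( 'icon_dir', includes_url('images/crystal') );
                 $src_file = $icon_dir . '/' . basename($src);
                 @list($width, $height) = getimagesize($src_file);
         }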
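Review bot: At new line 309 the default for the `icon_dir` filter changes from a filesystem path to a URL from `includes_url()`, but the next two lines still build `$src_file` from it and pass it to `getimagesize()`. That turns a local file read into an HTTP request to the site itself for every icon, depends on URL fopen wrappers being enabled, and fails silently because of the `@` on `list()`; callbacks hooked on `icon_dir` that expect a path would now receive a URL as well. Unless that is intended, keep the path here: `$icon_dir = apply_filters( 'icon_dir', ABSPATH . WPINC . '/images/crystal' );`. The enclosing function starts and ends outside the hunk.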
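--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -774,4 +774,42 @@
 
         return apply_filters('shortcut_link', $link);
 }
+
+// return the site_url option, using https if is_ssl() is true
+// if $scheme is 'http' or 'https' it will override is_ssl()
+function site_url($path = '', $scheme = null) {
+        // should the list of allowed schemes be maintained elsewhere?
+        if ( !in_array($scheme, array('http', 'https')) )
+                $scheme = ( is_ssl() ? 'https' : 'http' );
+
+        $url = str_replace( 'http://', "{$scheme}://", get_option('siteurl') );
+
+        if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
+                $url .= '/' . ltrim($path, '/');
+
+        return $url;
+}
+
+function admin_url($path = '') {
+        global $_wp_admin_url;
+
+        $url = site_url() . '/wp-admin/';
+
+        if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
+                $url .= ltrim($path, '/');
+
+        return $url;
+}
+
+function includes_url($path = '') {
+        global $_wp_includes_url;
+
+        $url = site_url() . '/' . WPINC . '/';
+
+        if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
+                $url .= ltrim($path, '/');
+
+        return $url;
+}
+
 ?>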
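Review bot: In `site_url()` (new line 785) the scheme swap uses an unanchored `str_replace('http://', ...)`, which rewrites every occurrence of `http://` in the stored `siteurl` value rather than only its prefix, and is a no-op when the option is stored as `https://` and the caller passes `'http'`. Anchoring it, e.g. `$url = preg_replace('|^http://|', "{$scheme}://", get_option('siteurl'));`, limits the rewrite to the scheme, and the comment above the function should say that an `'http'` override does not downgrade an `https://` site URL. All three helpers also silently drop any `$path` containing `..` and return the bare base URL, so a caller gets a valid-looking but different URL with no signal; that deserves a comment such as `// paths containing '..' are ignored and the base URL is returned`. `global $_wp_admin_url;` and `global $_wp_includes_url;` are declared but never used in the visible bodies and can be removed.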
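--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -1139,7 +1139,7 @@
         if ( defined('WP_INSTALLING') ) {
                 $_file = "./$file.css";
         } else {
-                $_file = get_option( 'siteurl' ) . "/wp-admin/$file.css";
+                $_file = admin_url("$file.css");
         }
         $_file = add_query_arg( 'version', get_bloginfo( 'version' ),  $_file );
 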
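--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -469,9 +469,14 @@
  */
 function wp_validate_auth_cookie($cookie = '') {
         if ( empty($cookie) ) {
-                if ( empty($_COOKIE[AUTH_COOKIE]) )
+                if ( is_ssl() )
+                        $cookie_name = SECURE_AUTH_COOKIE;
+                else
+                        $cookie_name = AUTH_COOKIE;
+
+                if ( empty($_COOKIE[$cookie_name]) )
                         return false;
-                $cookie = $_COOKIE[AUTH_COOKIE];
+                $cookie = $_COOKIE[$cookie_name];
         }
 
         $cookie_elements = explode('|', $cookie);
@@ -514,9 +519,10 @@
  *
  * @param int $user_id User ID
  * @param int $expiration Cookie expiration in seconds
+ * @param bool $secure Whether the cookie is for https delivery only or not.  Not used by default.  For plugin use.
  * @return string Authentication cookie contents
  */
-function wp_generate_auth_cookie($user_id, $expiration) {
+function wp_generate_auth_cookie($user_id, $expiration, $secure = false) {
         $user = get_userdata($user_id);
 
         $key = wp_hash($user->user_login . '|' . $expiration);
@@ -524,7 +530,7 @@
 
         $cookie = $user->user_login . '|' . $expiration . '|' . $hash;
 
-        return apply_filters('auth_cookie', $cookie, $user_id, $expiration);
+        return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $secure);
 }
 endif;
 
@@ -550,13 +556,21 @@
                 $expire = 0;
         }
 
-        $cookie = wp_generate_auth_cookie($user_id, $expiration);
+        if ( is_ssl() ) {
+                $secure = true;
+                $cookie_name = SECURE_AUTH_COOKIE;
+        } else {
+                $secure = false;
+                $cookie_name = AUTH_COOKIE;
+        }
 
-        do_action('set_auth_cookie', $cookie, $expire);
+        $cookie = wp_generate_auth_cookie($user_id, $expiration, $secure);
 
-        setcookie(AUTH_COOKIE, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
+        do_action('set_auth_cookie', $cookie, $expire, $secure);
+
+        setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
         if ( COOKIEPATH != SITECOOKIEPATH )
-                setcookie(AUTH_COOKIE, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
+                setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
 }
 endif;
 
@@ -569,6 +583,8 @@
 function wp_clear_auth_cookie() {
         setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
         setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
+        setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+        setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
 
         // Old cookies
         setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
@@ -604,14 +620,36 @@
  */
 function auth_redirect() {
         // Checks if a user is logged in, if not redirects them to the login page
-        if ( (!empty($_COOKIE[AUTH_COOKIE]) &&
-                                !wp_validate_auth_cookie($_COOKIE[AUTH_COOKIE])) ||
-                        (empty($_COOKIE[AUTH_COOKIE])) ) {
-                nocache_headers();
 
-                wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
-                exit();
+        if ( is_ssl() || (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )
+                $secure = true;
+        else
+                $secure = false;
+
+        // If https is required and request is http, redirect
+        if ( $secure && !is_ssl() ) {
+                if ( false !== strpos($_SERVER['REQUEST_URI'], 'http') ) {
+                        wp_redirect(str_replace('http://', 'https://', $_SERVER['REQUEST_URI']));
+                        exit();
+                } else {
+                        wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+                        exit();
+                }
         }
+
+        if ( wp_validate_auth_cookie() )
+                return;  // The cookie is good so we're done
+
+        // The cookie is no good so force login
+        nocache_headers();
+
+        $login_url = get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
+
+        //  Redirect to https if connection is secure
+        if ( $secure )
+                $login_url = str_replace('http://', 'https://', $login_url);
+        wp_redirect($login_url);
+        exit();
 }
 endif;
 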
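Review bot: The new `$secure` argument of `wp_generate_auth_cookie()` is only forwarded to the `auth_cookie` filter (new line 533), and the added docblock line says it is "Not used by default", so the value written under `SECURE_AUTH_COOKIE` appears to be the same as the one written under `AUTH_COOKIE`. `wp_validate_auth_cookie()` chooses which cookie name to read from `is_ssl()` but, as far as the visible lines show, verifies the contents the same way for both, so a value that has travelled over plain HTTP is still acceptable on the HTTPS side and the secure flag gives no separation between the two sessions. Binding the scheme into the keyed hash on both the generate and the validate path, for example `$key = wp_hash($user->user_login . '|' . $expiration . ( $secure ? '|secure' : '' ));`, would make the HTTPS cookie distinct. Both function bodies continue outside the hunks shown, so confirm against the elided `$hash` line.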
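--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -7,7 +7,7 @@
 require( ABSPATH . WPINC . '/functions.wp-styles.php' );
 
 function wp_default_scripts( &$scripts ) {
-        $scripts->base_url = get_option( 'siteurl' );
+        $scripts->base_url = site_url();
         $scripts->default_version = get_bloginfo( 'version' );
 
         $scripts->add( 'common', '/wp-admin/js/common.js', array('jquery'), '20080318' );
@@ -50,7 +50,7 @@
 
         $scripts->add( 'wp-lists', '/wp-includes/js/wp-lists.js', array('wp-ajax-response'), '20080411' );
         $scripts->localize( 'wp-lists', 'wpListL10n', array(
-                'url' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php'
+                'url' => admin_url('admin-ajax.php')
         ) );
 
         $scripts->add( 'scriptaculous-root', '/wp-includes/js/scriptaculous/scriptaculous.js', array('prototype'), '1.8.0');
@@ -129,11 +129,11 @@
                 $scripts->add( 'upload', '/wp-admin/js/upload.js', array('jquery'), '20070518' );
                 $scripts->add( 'postbox', '/wp-admin/js/postbox.js', array('jquery'), '20080128' );
                 $scripts->localize( 'postbox', 'postboxL10n', array(
-                        'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
+                        'requestFile' => admin_url('admin-ajax.php'),
                 ) );
                 $scripts->add( 'slug', '/wp-admin/js/slug.js', array('jquery'), '20080208' );
                 $scripts->localize( 'slug', 'slugL10n', array(
-                        'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
+                        'requestFile' => admin_url('admin-ajax.php'),
                         'save' => __('Save'),
                         'cancel' => __('Cancel'),
                 ) );
@@ -204,7 +204,7 @@
 }
 
 function wp_default_styles( &$styles ) {
-        $styles->base_url = get_option( 'siteurl' );
+        $styles->base_url = site_url();
         $styles->default_version = get_bloginfo( 'version' );
         $styles->text_direction = 'rtl' == get_bloginfo( 'text_direction' ) ? 'rtl' : 'ltr';
 
@@ -258,7 +258,7 @@
                 'autosaveInterval' => AUTOSAVE_INTERVAL,
                 'previewPageText' => __('Preview this Page'),
                 'previewPostText' => __('Preview this Post'),
-                'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
+                'requestFile' => admin_url('admin-ajax.php'),
                 'savingText' => __('Saving Draft&#8230;')
         ) );
 }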
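--- a/wp-settings.php
+++ b/wp-settings.php
@@ -311,6 +311,13 @@
 
 /**
  * It is possible to define this in wp-config.php
+ * @since 2.6
+ */
+if ( !defined('SECURE_AUTH_COOKIE') )
+        define('SECURE_AUTH_COOKIE', 'wordpress_sec_' . COOKIEHASH);
+
+/**
+ * It is possible to define this in wp-config.php
  * @since 2.3.0
  */
 if ( !defined('TEST_COOKIE') )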
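--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -396,9 +396,9 @@
 
 <?php
         if ( get_option('users_can_register') )
-                echo '<p>' . sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_option('siteurl').'/wp-register.php') . '</p>';
+                echo '<p>' . sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), site_url('wp-register.php')) . '</p>';
         else
-                echo '<p>' . sprintf(__('Users cannot currently <a href="%1$s">register themselves</a>, but you can manually create users here.'), get_option('siteurl').'/wp-admin/options-general.php#users_can_register') . '</p>';
+                echo '<p>' . sprintf(__('Users cannot currently <a href="%1$s">register themselves</a>, but you can manually create users here.'), admin_url('options-general.php#users_can_register')) . '</p>';
 ?>
 <form action="#add-new-user" method="post" name="adduser" id="adduser" class="add:users: validate">
 <?php wp_nonce_field('add-user') ?>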
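--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -225,7 +225,7 @@
         }
 
         if ( $widget_feed_link )
-                $links[] = '<img class="rss-icon" src="' . get_option( 'siteurl' ) . '/' . WPINC . '/images/rss.png" alt="' . __( 'rss icon' ) . '" /> <a href="' . clean_url( $widget_feed_link ) . '">' . __( 'RSS' ) . '</a>';
+                $links[] = '<img class="rss-icon" src="' . includes_url('images/rss.png') . '" alt="' . __( 'rss icon' ) . '" /> <a href="' . clean_url( $widget_feed_link ) . '">' . __( 'RSS' ) . '</a>';
 
         $links = apply_filters( "wp_dashboard_widget_links_$widget_id", $links );
 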
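--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -159,8 +159,8 @@
         }
 
         $sendback = wp_get_referer();
-        if (strpos($sendback, 'post.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/post-new.php';
-        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+        if (strpos($sendback, 'post.php') !== false) $sendback = admin_url('post-new.php');
+        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
         $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
         wp_redirect($sendback);
         exit();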
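--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
@@ -26,8 +26,8 @@
 
 wp_reset_vars(array('profile', 'redirect', 'redirect_url', 'a', 'popuptitle', 'popupurl', 'text', 'trackback', 'pingback'));
 
-wp_admin_css_color('classic', __('Classic'), get_option( 'siteurl' ) . "/wp-admin/css/colors-classic.css", array('#07273E', '#14568A', '#D54E21', '#2683AE'));
-wp_admin_css_color('fresh', __('Fresh'), get_option( 'siteurl' ) . "/wp-admin/css/colors-fresh.css", array('#464646', '#CEE1EF', '#D54E21', '#2683AE'));
+wp_admin_css_color('classic', __('Classic'), admin_url("css/colors-classic.css"), array('#07273E', '#14568A', '#D54E21', '#2683AE'));
+wp_admin_css_color('fresh', __('Fresh'), admin_url("css/colors-fresh.css"), array('#464646', '#CEE1EF', '#D54E21', '#2683AE'));
 
 wp_enqueue_script( 'common' );
 wp_enqueue_script( 'jquery-color' );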
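--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -189,7 +189,7 @@
 <div id="desc"><?php bloginfo('description');?></div>
 </div>
 <?php if ( !defined( 'NO_HEADER_TEXT' ) ) { ?>
-<form method="post" action="<?php echo get_option('siteurl') ?>/wp-admin/themes.php?page=custom-header&amp;updated=true">
+<form method="post" action="<?php echo admin_url('themes.php?page=custom-header&amp;updated=true') ?>">
 <input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
 <input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
 <?php wp_nonce_field('custom-header') ?>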
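--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -78,7 +78,7 @@
 
 <table width="100%">
 <tr>
-<td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo get_option('siteurl'); ?>/wp-admin/edit-comments.php';" /></td>
+<td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
 <td class="textright"><input type='submit' class="button" value='<?php echo $button; ?>' /></td>
 </tr>
 </table>
@@ -146,7 +146,7 @@
         else if ( '' != wp_get_original_referer() && false == $noredir )
                 wp_redirect( wp_get_original_referer() );
         else
-                wp_redirect( get_option('siteurl') . '/wp-admin/edit-comments.php' );
+                wp_redirect( admin_url('edit-comments.php') );
 
         die;
         break;
@@ -171,7 +171,7 @@
         if ( '' != wp_get_referer() && false == $noredir )
                 wp_redirect( wp_get_referer() );
         else
-                wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments' );
+                wp_redirect( admin_url('edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments') );
 
         exit();
         break;
@@ -200,7 +200,7 @@
         if ( '' != wp_get_referer() && false == $noredir )
                 wp_redirect( wp_get_referer() );
         else
-                wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments' );
+                wp_redirect( admin_url('edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments') );
 
         exit();
         break;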
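Review bot: The rewritten `onclick` at new line 81 loses the closing `';` of the JavaScript string: the old attribute ended with `/wp-admin/edit-comments.php';"`, while the new one ends directly after the PHP tag, leaving `self.location='...` unterminated so the "No" button no longer navigates. It should read `onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>';"`. The other three hunks in this file are straight substitutions inside `wp_redirect()` calls and look equivalent to the old code.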
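--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -85,7 +85,7 @@
         <a href="http://gears.google.com/" target="_blank" style="font-weight:normal;"><?php _e('More information...'); ?></a></p>
         <p><?php _e('After installing and enabling it, most of the WordPress images, scripts and CSS files will be stored on this computer. This will speed up page loading.'); ?></p>
         <p><strong><?php _e('Please make sure you are not using a public or shared computer.'); ?></strong></p>
-        <div class="submit"><button onclick="window.location = 'http://gears.google.com/?action=install&return=<?php echo get_option('siteurl') . '/wp-admin/'; ?>';" class="button"><?php _e('Install Now'); ?></button>
+        <div class="submit"><button onclick="window.location = 'http://gears.google.com/?action=install&return=<?php echo admin_url() ?>';" class="button"><?php _e('Install Now'); ?></button>
         <button class="button" style="margin-left:10px;" onclick="document.getElementById('gears-info-box').style.display='none';">Cancel</button></div>
         </div>
 
@@ -109,7 +109,7 @@
 
 <?php } ?>
 
-<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
+<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
 
 <?php
 require(ABSPATH . 'wp-admin/menu-header.php');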
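--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -20,8 +20,8 @@
         }
 
         $sendback = wp_get_referer();
-        if (strpos($sendback, 'post.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/post-new.php';
-        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+        if (strpos($sendback, 'post.php') !== false) $sendback = admin_url('post-new.php');
+        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
         $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
 
         wp_redirect($sendback);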
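--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@@ -148,8 +148,8 @@
         }
 
         $sendback = wp_get_referer();
-        if (strpos($sendback, 'page.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/page.php';
-        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+        if (strpos($sendback, 'page.php') !== false) $sendback = admin_url('page.php');
+        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
         $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
         wp_redirect($sendback);
         exit();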
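--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -20,8 +20,8 @@
         }
 
         $sendback = wp_get_referer();
-        if (strpos($sendback, 'page.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/page-new.php';
-        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+        if (strpos($sendback, 'page.php') !== false) $sendback = admin_url('page-new.php');
+        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
         $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
 
         wp_redirect($sendback);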
  • wp-admin/themes.php

     
    5757<h2><?php _e('Current Theme'); ?></h2> 
    5858<div id="current-theme"> 
    5959<?php if ( $ct->screenshot ) : ?> 
    60 <img src="<?php echo get_option('siteurl') . '/' . $ct->stylesheet_dir . '/' . $ct->screenshot; ?>" alt="<?php _e('Current theme preview'); ?>" /> 
     60<img src="<?php echo site_url($ct->stylesheet_dir . '/' . $ct->screenshot); ?>" alt="<?php _e('Current theme preview'); ?>" /> 
    6161<?php endif; ?> 
    6262<h3><?php printf(_c('%1$s %2$s by %3$s|1: theme title, 2: theme version, 3: theme author'), $ct->title, $ct->version, $ct->author) ; ?></h3> 
    6363<p class="description"><?php echo $ct->description; ?></p> 
     
    126126?> 
    127127                <a href="<?php echo $activate_link; ?>" class="<?php echo $thickbox_class; ?> screenshot"> 
    128128<?php if ( $screenshot ) : ?> 
    129                         <img src="<?php echo ( $tpage == 'stage' ) ? $screenshot : get_option('siteurl') . '/' . $stylesheet_dir . '/' . $screenshot; ?>" alt="" /> 
     129                        <img src="<?php echo ( $tpage == 'stage' ) ? $screenshot : site_url($stylesheet_dir . '/' . $screenshot); ?>" alt="" /> 
    130130<?php endif; ?> 
    131131                </a> 
    132132                <h3><a class="<?php echo $thickbox_class; ?>" href="<?php echo $activate_link; ?>"><?php echo $title; ?></a></h3>