

File:
1 edited

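--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -881,6 +881,15 @@
 
     // remove %0d and %0a from location
-    $strip = array('%0d', '%0a', '%0D', '%0A');
-    $location = _deep_replace($strip, $location);
+    $strip = array('%0d', '%0a');
+    $found = true;
+    while($found) {
+        $found = false;
+        foreach( (array) $strip as $val ) {
+            while(strpos($location, $val) !== false) {
+                $found = true;
+                $location = str_replace($val, '', $location);
+            }
+        }
+    }
     return $location;
 }
@@ -900,5 +909,6 @@
  *
  * @since 2.3
- * @uses wp_validate_redirect() To validate the redirect is to an allowed host.
+ * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
+ *      WordPress host string and $location host string.
  *
  * @return void Does not return anything
@@ -909,29 +919,4 @@
     $location = wp_sanitize_redirect($location);
 
-    $location = wp_validate_redirect($location, admin_url());
-
-    wp_redirect($location, $status);
-}
-endif;
-
-if ( !function_exists('wp_validate_redirect') ) :
-/**
- * Validates a URL for use in a redirect.
- *
- * Checks whether the $location is using an allowed host, if it has an absolute
- * path. A plugin can therefore set or remove allowed host(s) to or from the
- * list.
- *
- * If the host is not allowed, then the redirect is to $default supplied
- *
- * @since 2.8.1
- * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
- *      WordPress host string and $location host string.
- *
- * @param string $location The redirect to validate
- * @param string $default The value to return is $location is not allowed
- * @return string redirect-sanitized URL
- **/
-function wp_validate_redirect($location, $default = '') {
     // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
     if ( substr($location, 0, 2) == '//' )
@@ -947,7 +932,7 @@
 
     if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
-        $location = $default;
-
-    return $location;
+        $location = admin_url();
+
+    wp_redirect($location, $status);
 }
 endif;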
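Review bot: On the r11506 side (the right-hand gutter column, which this view presents as the new side), `$strip = array('%0d', '%0a');` is matched with case-sensitive `strpos`/`str_replace`, so the upper-case encodings `%0D` and `%0A` pass through the sanitizer untouched even though the comment says encoded CR/LF are removed. If this side is the one kept, the list should retain all four spellings, `$strip = array('%0d', '%0a', '%0D', '%0A');`, or the loop should switch to `stripos`/`str_ireplace`. Whether a percent-encoded CR/LF is decoded anywhere before the value reaches the `Location` header cannot be told from this page, so treat this as header-injection hardening to confirm rather than a proven split. The function containing the loop begins above line 881, outside the visible hunk.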