Changes from branches/2.8/wp-includes/pluggable.php at r11616 to trunk/wp-includes/pluggable.php at r11506
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/pluggable.php
r11616 r11506 881 881 882 882 // remove %0d and %0a from location 883 $strip = array('%0d', '%0a', '%0D', '%0A'); 884 $location = _deep_replace($strip, $location); 883 $strip = array('%0d', '%0a'); 884 $found = true; 885 while($found) { 886 $found = false; 887 foreach( (array) $strip as $val ) { 888 while(strpos($location, $val) !== false) { 889 $found = true; 890 $location = str_replace($val, '', $location); 891 } 892 } 893 } 885 894 return $location; 886 895 } … … 900 909 * 901 910 * @since 2.3 902 * @uses wp_validate_redirect() To validate the redirect is to an allowed host. 911 * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing 912 * WordPress host string and $location host string. 903 913 * 904 914 * @return void Does not return anything … … 909 919 $location = wp_sanitize_redirect($location); 910 920 911 $location = wp_validate_redirect($location, admin_url());912 913 wp_redirect($location, $status);914 }915 endif;916 917 if ( !function_exists('wp_validate_redirect') ) :918 /**919 * Validates a URL for use in a redirect.920 *921 * Checks whether the $location is using an allowed host, if it has an absolute922 * path. A plugin can therefore set or remove allowed host(s) to or from the923 * list.924 *925 * If the host is not allowed, then the redirect is to $default supplied926 *927 * @since 2.8.1928 * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing929 * WordPress host string and $location host string.930 *931 * @param string $location The redirect to validate932 * @param string $default The value to return is $location is not allowed933 * @return string redirect-sanitized URL934 **/935 function wp_validate_redirect($location, $default = '') {936 921 // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//' 937 922 if ( substr($location, 0, 2) == '//' ) … … 947 932 948 933 if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) ) 949 $location = $default;950 951 return $location;934 $location = admin_url(); 935 936 wp_redirect($location, $status); 952 937 } 953 938 endif;
Note: See TracChangeset
for help on using the changeset viewer.