
Changeset 11610


Timestamp:
06/19/2009 07:30:17 PM (16 years ago)
Author:
markjaquith
Message:

Create wp_validate_redirect(), have the upgrade done link use it. props Westi. fixes #10193 for trunk

Location:
trunk
Files:
2 edited

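--- a/trunk/wp-admin/upgrade.php
+++ b/trunk/wp-admin/upgrade.php
@@ -69,11 +69,9 @@
     case 1:
         wp_upgrade();
-
-        if ( empty( $_GET['backto'] ) )
-            $backto = __get_option( 'home' ) . '/';
-        else {
-            $backto = stripslashes( urldecode( $_GET['backto'] ) );
+           
+            $backto = empty($_GET['backto']) ? '' : $_GET['backto'] ;
+            $backto = stripslashes( urldecode( $backto ) );
             $backto = esc_url_raw( $backto  );
-        }
+            $backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
 ?>
 <h2><?php _e( 'Upgrade Complete' ); ?></h2>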
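Review bot: A missing or empty `backto` no longer falls back to the home URL: the ternary on new line 72 turns it into `''`, and the fallback passed on new line 75 is only used by `wp_validate_redirect()` when it rejects a parsed host (judging by the visible part of that function), so the "upgrade done" link would likely receive an empty string. The removed code used `__get_option( 'home' ) . '/'` for that case. Keeping the fallback in the ternary restores it: `$backto = empty($_GET['backto']) ? __get_option( 'home' ) . '/' : $_GET['backto'];`. Separately, PHP has already URL-decoded `$_GET` values, so `urldecode()` on new line 73 decodes a second time; validating after that decode is the right order, but a comment explaining why the extra decode is needed would help. The `case 1:` body continues past the end of the hunk.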
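--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -909,6 +909,5 @@
  *
  * @since 2.3
- * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
- *      WordPress host string and $location host string.
+ * @uses wp_validate_redirect() To validate the redirect is to an allowed host.
  *
  * @return void Does not return anything
@@ -919,4 +918,29 @@
     $location = wp_sanitize_redirect($location);
 
+    $location = wp_validate_redirect($location, admin_url());
+
+    wp_redirect($location, $status);
+}
+endif;
+
+if ( !function_exists('wp_validate_redirect') ) :
+/**
+ * Validates a URL for use in a redirect.
+ *
+ * Checks whether the $location is using an allowed host, if it has an absolute
+ * path. A plugin can therefore set or remove allowed host(s) to or from the
+ * list.
+ *
+ * If the host is not allowed, then the redirect is to $default supplied
+ *
+ * @since 2.8.1
+ * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
+ *      WordPress host string and $location host string.
+ *
+ * @param string $location The redirect to validate
+ * @param string $default The value to return is $location is not allowed
+ * @return string redirect-sanitized URL
+ **/
+function wp_validate_redirect($location, $default = '') {
     // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
     if ( substr($location, 0, 2) == '//' )
@@ -932,7 +956,7 @@
 
     if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
-        $location = admin_url();
-
-    wp_redirect($location, $status);
+        $location = $default;
+
+    return $location;
 }
 endif;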
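Review bot: The new docblock for `wp_validate_redirect()` promises more than the visible code delivers: `@return string redirect-sanitized URL` (new line 942) suggests sanitising, but `wp_sanitize_redirect()` stays in `wp_safe_redirect()` (new line 918) and the visible body only substitutes `$default` when a host was parsed and is not on the allow-list (new lines 957-958). Every other input, including one for which no host is parsed, is returned unchanged, and with the default `$default = ''` a rejected URL becomes an empty string. Since callers such as upgrade.php now call this function directly, I would document that contract, for example `@return string $location if its host is allowed or no host was parsed, otherwise $default; the value is not sanitized`, and fix the typo in the parameter line to `@param string $default The value to return if $location is not allowed`. New lines 947-955 of the function lie outside the shown hunks, so the parsing step is inferred.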