Make WordPress Core


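--- a/branches/2.8/wp-includes/pluggable.php	r11506
+++ b/branches/2.8/wp-includes/pluggable.php	r11616
@@ -881,15 +881,6 @@
 
     // remove %0d and %0a from location
-    $strip = array('%0d', '%0a');
-    $found = true;
-    while($found) {
-        $found = false;
-        foreach( (array) $strip as $val ) {
-            while(strpos($location, $val) !== false) {
-                $found = true;
-                $location = str_replace($val, '', $location);
-            }
-        }
-    }
+    $strip = array('%0d', '%0a', '%0D', '%0A');
+    $location = _deep_replace($strip, $location);
     return $location;
 }
@@ -909,6 +900,5 @@
  *
  * @since 2.3
- * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
- *      WordPress host string and $location host string.
+ * @uses wp_validate_redirect() To validate the redirect is to an allowed host.
  *
  * @return void Does not return anything
@@ -919,4 +909,29 @@
     $location = wp_sanitize_redirect($location);
 
+    $location = wp_validate_redirect($location, admin_url());
+
+    wp_redirect($location, $status);
+}
+endif;
+
+if ( !function_exists('wp_validate_redirect') ) :
+/**
+ * Validates a URL for use in a redirect.
+ *
+ * Checks whether the $location is using an allowed host, if it has an absolute
+ * path. A plugin can therefore set or remove allowed host(s) to or from the
+ * list.
+ *
+ * If the host is not allowed, then the redirect is to $default supplied
+ *
+ * @since 2.8.1
+ * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
+ *      WordPress host string and $location host string.
+ *
+ * @param string $location The redirect to validate
+ * @param string $default The value to return is $location is not allowed
+ * @return string redirect-sanitized URL
+ **/
+function wp_validate_redirect($location, $default = '') {
     // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
     if ( substr($location, 0, 2) == '//' )
@@ -932,7 +947,7 @@
 
     if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
-        $location = admin_url();
-
-    wp_redirect($location, $status);
+        $location = $default;
+
+    return $location;
 }
 endif;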
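Review bot: In wp_validate_redirect() the rejection at new line 948 only fires when `isset($lp['host'])`, so any $location for which no host was extracted is returned unchanged instead of being replaced by $default. $lp is assigned in lines the viewer elides (between new lines 937 and 947), presumably from parse_url(); if so, a parse failure should fail closed, e.g. `if ( false === $lp ) return $default;` ahead of the host check. The host comparison is also loose: `in_array($lp['host'], $allowed_hosts)` omits the strict flag and `$lp['host']` is compared un-lowercased against `strtolower($wpp['host'])`, so passing `true` as the third argument and lowercasing both sides would make the match exact. The docblock should state that a rejected URL yields `$default`, which is the empty string unless the caller supplies one, and `@return string redirect-sanitized URL` overstates the contract, since nothing in the visible body sanitizes.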