Changes from trunk/wp-includes/pluggable.php at r11506 to branches/2.8/wp-includes/pluggable.php at r11616
- File:
-
- 1 edited
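--- a/branches/2.8/wp-includes/pluggable.php
+++ b/branches/2.8/wp-includes/pluggable.php
@@ -881,15 +881,6 @@
 
 // remove %0d and %0a from location
-$strip = array('%0d', '%0a');
-$found = true;
-while($found) {
-$found = false;
-foreach( (array) $strip as $val ) {
-while(strpos($location, $val) !== false) {
-$found = true;
-$location = str_replace($val, '', $location);
-}
-}
-}
+$strip = array('%0d', '%0a', '%0D', '%0A');
+$location = _deep_replace($strip, $location);
 return $location;
 }
@@ -909,6 +900,5 @@
 *
 * @since 2.3
-* @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
-* WordPress host string and $location host string.
+* @uses wp_validate_redirect() To validate the redirect is to an allowed host.
 *
 * @return void Does not return anything
@@ -919,4 +909,29 @@
 $location = wp_sanitize_redirect($location);
 
+$location = wp_validate_redirect($location, admin_url());
+
+wp_redirect($location, $status);
+}
+endif;
+
+if ( !function_exists('wp_validate_redirect') ) :
+/**
+* Validates a URL for use in a redirect.
+*
+* Checks whether the $location is using an allowed host, if it has an absolute
+* path. A plugin can therefore set or remove allowed host(s) to or from the
+* list.
+*
+* If the host is not allowed, then the redirect is to $default supplied
+*
+* @since 2.8.1
+* @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
+* WordPress host string and $location host string.
+*
+* @param string $location The redirect to validate
+* @param string $default The value to return is $location is not allowed
+* @return string redirect-sanitized URL
+**/
+function wp_validate_redirect($location, $default = '') {
 // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
 if ( substr($location, 0, 2) == '//' )
@@ -932,7 +947,7 @@
 
 if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
-$location = admin_url();
-
-wp_redirect($location, $status);
+$location = $default;
+
+return $location;
 }
 endif;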
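Review bot: In the new wp_validate_redirect() the allow-list test on the `isset($lp['host'])` line only runs when a host was parsed out of $location, so a value for which parsing fails or yields no host is returned unchanged instead of being replaced by $default. The assignment of $lp is in the elided lines, so this is inferred from the visible condition; if $lp comes from parse_url(), a guard such as `if ( false === $lp ) return $default;` ahead of the host check would make a parse failure fail closed. The docblock should also say that locations without a host pass through unvalidated, and that with `$default = ''` a caller who omits the second argument gets an empty string back and must check it before handing it to wp_redirect(). Separately, `$lp['host']` is compared as-is against `strtolower($wpp['host'])`, so a legitimate host written in mixed case falls through to $default; lower-casing both sides would avoid that.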