WordPress.org

Make WordPress Core

Changeset 13657


Timestamp:
03/11/10 14:54:11 (4 years ago)
Author:
ryan
Message:

Restrict schemes allowed in wp_validate_redirect()

File:
1 edited

  • trunk/wp-includes/pluggable.php

    r13576 r13657  
    985985 
    986986    $lp  = parse_url($test); 
     987 
     988    // Give up if malformed URL 
     989    if ( false === $lp ) 
     990        return $default; 
     991 
     992    // Allow only http and https schemes. No data:, etc. 
     993    if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) ) 
     994        return $default; 
     995 
    987996    $wpp = parse_url(home_url()); 
    988997 
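Review bot: The scheme test at new line 993 compares case-sensitively, and parse_url() returns the scheme exactly as it was written, so an otherwise valid target with an uppercase scheme (HTTP:// or HTTPS://) falls through to $default. That fails closed, but it rejects legitimate URLs; lowercasing before the comparison, for example in_array( strtolower( $lp['scheme'] ), array( 'http', 'https' ), true ), keeps the allowlist and also replaces the two loose == comparisons with a strict one. Because the test is guarded by isset($lp['scheme']), input without a scheme skips it entirely, so the comment at line 992 should say that such values are left to the checks that follow.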