WordPress.org

Make WordPress Core

Changeset 13657


Timestamp:
03/11/2010 02:54:11 PM (11 years ago)
Author:
ryan
Message:

Restrict schemes allowed in wp_validate_redirect()

File:
1 edited

  • trunk/wp-includes/pluggable.php

    r13576 r13657  
    985985
    986986    $lp  = parse_url($test);
     987
     988    // Give up if malformed URL
     989    if ( false === $lp )
     990        return $default;
     991
     992    // Allow only http and https schemes. No data:, etc.
     993    if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
     994        return $default;
     995
    987996    $wpp = parse_url(home_url());
    988997
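Review bot: The scheme test on new line 993 is case-sensitive, and parse_url() returns the scheme exactly as written, so a URL given as `HTTPS://...` would be rejected and fall back to $default. That fails closed, but it is probably not the intent; lowercase the value first, for example `$scheme = strtolower($lp['scheme']);`, and then test it with `in_array($scheme, array('http', 'https'), true)`, which also reads more clearly than the negated `||` expression. Separately, the isset() guard means input with no scheme skips this check entirely, so the comment on line 992 should say that such URLs are left to whatever checks follow `$wpp = parse_url(home_url());`.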