Changeset 1748

Timestamp:

10/05/2004 08:35:22 AM (21 years ago)

Author:

saxmatt

Message:

Changes to how we do redirects.

Location:

trunk

Files:

• wp-admin/options.php (modified) (1 diff)
• wp-admin/post.php (modified) (1 diff)
• wp-comments-post.php (modified) (1 diff)
• wp-login.php (modified) (1 diff)

trunk/wp-admin/options.php

@@ -87 +87 @@
     $referred = str_replace('?updated=true' , '', $_SERVER['HTTP_REFERER']);
     $goback = str_replace('?updated=true', '', $_SERVER['HTTP_REFERER']) . '?updated=true';
+    $goback = preg_replace('|[^a-z?=&/~.:_-]|i', '', $goback);
     header('Location: ' . $goback);
     break;

trunk/wp-admin/post.php

@@ -459 +459 @@
     $sendback = $_SERVER['HTTP_REFERER'];
     if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
+    $sendback = preg_replace('|[^a-z?=&/~.:_-]|i', '', $sendback);
     header ('Location: ' . $sendback);
     do_action('delete_post', $post_id);

trunk/wp-comments-post.php

@@ -99 +99 @@
 header('Pragma: no-cache');
 $location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to'];
+$location = preg_replace('|[^a-z?=&/~.:_-]|i', '', $location);
+
 if ($is_IIS) {
     header("Refresh: 0;url=$location");

trunk/wp-login.php

@@ -140 +140 @@
         $log = $_POST['log'];
         $pwd = $_POST['pwd'];
-        $redirect_to = preg_replace('|[^a-z/~.:_-]|i', '', $_POST['redirect_to']);
+        $redirect_to = preg_replace('|[^a-z?=&/~.:_-]|i', '', $_POST['redirect_to']);
     }