WordPress.org

Make WordPress Core

Changeset 1751


Ignore:
Timestamp:
10/05/2004 04:22:31 PM (16 years ago)
Author:
saxmatt
Message:

Better redirect cleaning.

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/options.php

    r1748 r1751  
    8787    $referred = str_replace('?updated=true' , '', $_SERVER['HTTP_REFERER']);
    8888    $goback = str_replace('?updated=true', '', $_SERVER['HTTP_REFERER']) . '?updated=true';
    89     $goback = preg_replace('|[^a-z?=&/~.:_-]|i', '', $goback);
     89    $goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
    9090    header('Location: ' . $goback);
    9191    break;
  • trunk/wp-admin/post.php

    r1748 r1751  
    459459    $sendback = $_SERVER['HTTP_REFERER'];
    460460    if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
    461     $sendback = preg_replace('|[^a-z?=&/~.:_-]|i', '', $sendback);
     461    $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
    462462    header ('Location: ' . $sendback);
    463463    do_action('delete_post', $post_id);
  • trunk/wp-comments-post.php

    r1748 r1751  
    9090}
    9191
    92 setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
    93 setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
    94 setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
     92setcookie('comment_author_' . COOKIEHASH, stripslashes($author), time() + 30000000, COOKIEPATH);
     93setcookie('comment_author_email_' . COOKIEHASH, stripslashes($email), time() + 30000000, COOKIEPATH);
     94setcookie('comment_author_url_' . COOKIEHASH, stripslashes($url), time() + 30000000, COOKIEPATH);
    9595
    9696header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
     
    9898header('Cache-Control: no-cache, must-revalidate');
    9999header('Pragma: no-cache');
    100 $location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to'];
    101 $location = preg_replace('|[^a-z?=&/~.:_-]|i', '', $location);
     100
     101$location = get_permalink($comment_ID);
    102102
    103103if ($is_IIS) {
  • trunk/wp-login.php

    r1748 r1751  
    140140        $log = $_POST['log'];
    141141        $pwd = $_POST['pwd'];
    142         $redirect_to = preg_replace('|[^a-z?=&/~.:_-]|i', '', $_POST['redirect_to']);
     142        $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_POST['redirect_to']);
    143143    }
    144144   
Note: See TracChangeset for help on using the changeset viewer.