Changeset 19579

Timestamp:

12/10/2011 06:26:48 PM (14 years ago)

Author:

ryan

Message:

Best practice, use wp_safe_redirect() when dealing with referrers. Props nacin.

Location:

trunk/wp-admin

Files:

• edit-comments.php (modified) (2 diffs)
• includes/misc.php (modified) (1 diff)
• network/site-themes.php (modified) (1 diff)
• network/site-users.php (modified) (1 diff)
• network/sites.php (modified) (10 diffs)
• network/themes.php (modified) (7 diffs)
• network/users.php (modified) (1 diff)

trunk/wp-admin/edit-comments.php

@@ -31 +31 @@
         $comment_ids = array_map( 'absint', explode( ',', $_REQUEST['ids'] ) );
     } elseif ( wp_get_referer() ) {
-        wp_redirect( wp_get_referer() );
+        wp_safe_redirect( wp_get_referer() );
         exit;
     }
@@ -93 +93 @@
         $redirect_to = add_query_arg( 'ids', join( ',', $comment_ids ), $redirect_to );
 
-    wp_redirect( $redirect_to );
+    wp_safe_redirect( $redirect_to );
     exit;
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {

trunk/wp-admin/includes/misc.php

@@ -368 +368 @@
 
         update_user_meta($user->ID, $option, $value);
-        wp_redirect( remove_query_arg( array('pagenum', 'apage', 'paged'), wp_get_referer() ) );
+        wp_safe_redirect( remove_query_arg( array('pagenum', 'apage', 'paged'), wp_get_referer() ) );
         exit;
     }

trunk/wp-admin/network/site-themes.php

@@ -119 +119 @@
     restore_current_blog();
 
-    wp_redirect( add_query_arg( array( 'id' => $id, $action => $n ), $referer ) );
+    wp_safe_redirect( add_query_arg( array( 'id' => $id, $action => $n ), $referer ) );
     exit;
 }
 
 if ( isset( $_GET['action'] ) && 'update-site' == $_GET['action'] ) {
-    wp_redirect( $referer );
+    wp_safe_redirect( $referer );
     exit();
 }

trunk/wp-admin/network/site-users.php

@@ -154 +154 @@
 
     restore_current_blog();
-    wp_redirect( add_query_arg( 'update', $update, $referer ) );
+    wp_safe_redirect( add_query_arg( 'update', $update, $referer ) );
     exit();
 }
 
 if ( isset( $_GET['action'] ) && 'update-site' == $_GET['action'] ) {
-    wp_redirect( $referer );
+    wp_safe_redirect( $referer );
     exit();
 }

trunk/wp-admin/network/sites.php

@@ -64 +64 @@
             if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {
                 wpmu_delete_blog( $id, true );
-                wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete' ), wp_get_referer() ) );
+                wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete' ), wp_get_referer() ) );
             } else {
-                wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'not_deleted' ), wp_get_referer() ) );
+                wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'not_deleted' ), wp_get_referer() ) );
             }
 
@@ -111 +111 @@
                 }
 
-                wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $blogfunction ), wp_get_referer() ) );
+                wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $blogfunction ), wp_get_referer() ) );
             } else {
                 wp_redirect( network_admin_url( 'sites.php' ) );
@@ -124 +124 @@
 
             update_blog_status( $id, 'archived', '1' );
-            wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'archive' ), wp_get_referer() ) );
+            wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'archive' ), wp_get_referer() ) );
             exit();
         break;
@@ -134 +134 @@
 
             update_blog_status( $id, 'archived', '0' );
-            wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unarchive' ), wp_get_referer() ) );
+            wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unarchive' ), wp_get_referer() ) );
             exit();
         break;
@@ -145 +145 @@
             update_blog_status( $id, 'deleted', '0' );
             do_action( 'activate_blog', $id );
-            wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'activate' ), wp_get_referer() ) );
+            wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'activate' ), wp_get_referer() ) );
             exit();
         break;
@@ -156 +156 @@
             do_action( 'deactivate_blog', $id );
             update_blog_status( $id, 'deleted', '1' );
-            wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'deactivate' ), wp_get_referer() ) );
+            wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'deactivate' ), wp_get_referer() ) );
             exit();
         break;
@@ -166 +166 @@
 
             update_blog_status( $id, 'spam', '0' );
-            wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unspam' ), wp_get_referer() ) );
+            wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unspam' ), wp_get_referer() ) );
             exit();
         break;
@@ -176 +176 @@
 
             update_blog_status( $id, 'spam', '1' );
-            wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'spam' ), wp_get_referer() ) );
+            wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'spam' ), wp_get_referer() ) );
             exit();
         break;
@@ -186 +186 @@
 
             update_blog_status( $id, 'mature', '0' );
-            wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unmature' ), wp_get_referer() ) );
+            wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unmature' ), wp_get_referer() ) );
             exit();
         break;
@@ -196 +196 @@
 
             update_blog_status( $id, 'mature', '1' );
-            wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'mature' ), wp_get_referer() ) );
+            wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'mature' ), wp_get_referer() ) );
             exit();
         break;

trunk/wp-admin/network/themes.php

@@ -48 +48 @@
             unset( $allowed_themes[ $_GET['theme'] ] );
             update_site_option( 'allowedthemes', $allowed_themes );
-            wp_redirect( add_query_arg( 'disabled', '1', $referer ) );
+            wp_safe_redirect( add_query_arg( 'disabled', '1', $referer ) );
             exit;
             break;
@@ -55 +55 @@
             $themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
             if ( empty($themes) ) {
-                wp_redirect( add_query_arg( 'error', 'none', $referer ) );
+                wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
                 exit;
             }
@@ -61 +61 @@
                 $allowed_themes[ $theme ] = true;
             update_site_option( 'allowedthemes', $allowed_themes );
-            wp_redirect( add_query_arg( 'enabled', count( $themes ), $referer ) );
+            wp_safe_redirect( add_query_arg( 'enabled', count( $themes ), $referer ) );
             exit;
             break;
@@ -68 +68 @@
             $themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
             if ( empty($themes) ) {
-                wp_redirect( add_query_arg( 'error', 'none', $referer ) );
+                wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
                 exit;
             }
@@ -74 +74 @@
                 unset( $allowed_themes[ $theme ] );
             update_site_option( 'allowedthemes', $allowed_themes );
-            wp_redirect( add_query_arg( 'disabled', count( $themes ), $referer ) );
+            wp_safe_redirect( add_query_arg( 'disabled', count( $themes ), $referer ) );
             exit;
             break;
@@ -118 +118 @@
 
             if ( empty( $themes ) ) {
-                wp_redirect( add_query_arg( 'error', 'none', $referer ) );
+                wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
                 exit;
             }
@@ -135 +135 @@
 
             if ( empty( $themes ) ) {
-                wp_redirect( add_query_arg( 'error', 'main', $referer ) );
+                wp_safe_redirect( add_query_arg( 'error', 'main', $referer ) );
                 exit;
             }

trunk/wp-admin/network/users.php

@@ -167 +167 @@
                 }
 
-                wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) );
+                wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) );
             } else {
                 $location = network_admin_url( 'users.php' );