Index: trunk/wp-includes/functions.php
===================================================================
--- trunk/wp-includes/functions.php (revision 23411)
+++ trunk/wp-includes/functions.php (revision 23416)
@@ -469,5 +469,5 @@
if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
- add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );
+ wp_add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );
}
}
@@ -1257,7 +1257,7 @@
*/
function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
- $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
+ $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] );
$ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
- $orig_referer_field = '';
+ $orig_referer_field = '';
if ( $echo )
echo $orig_referer_field;
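Review bot: The `$_SERVER['REQUEST_URI']` value that now feeds `$jump_back_to`, and through it `$ref`, is client-controlled, and `wp_unslash()` only strips magic-quotes backslashes — it performs no escaping, so wherever `$ref` is embedded in `$orig_referer_field` it still needs `esc_attr()` (or `esc_url()`) before the `echo` on the last line. On this page the assignment is shown as `$orig_referer_field = '';`, which looks like the hidden-input markup was dropped in rendering; if the real line interpolates `$ref`, confirm it is attribute-escaped. The function body continues past the end of the hunk, so the non-echo return path is not visible here. The `'previous' == $jump_back_to` comparison on the first changed line is a loose comparison; `===` is the safer form, though that predates this change.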
@@ -1278,9 +1278,9 @@
$ref = false;
if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
- $ref = $_REQUEST['_wp_http_referer'];
+ $ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
- $ref = $_SERVER['HTTP_REFERER'];
-
- if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
+ $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
+
+ if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
return $ref;
return false;
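Review bot: The value returned on `return $ref;` is still raw client input (`_wp_http_referer` or `HTTP_REFERER`): `wp_unslash()` only reverses magic-quotes escaping and validates nothing, and the same applies to the `wp_get_original_referer()` hunk below. Any caller that redirects to this value needs `wp_validate_redirect()` / `wp_safe_redirect()`, and any caller that prints it needs `esc_url()` or `esc_attr()`; that contract is worth stating in the docblock of both functions, e.g. `Returns an unvalidated, client-supplied URL; validate before redirecting and escape before output.` The new comparison also reads `$_SERVER['REQUEST_URI']` without an `isset()` guard, which is normally fine under a web SAPI but raises a notice in CLI or test contexts where the key is absent. The enclosing function starts before this hunk, so its docblock is not visible here.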
@@ -1298,5 +1298,5 @@
function wp_get_original_referer() {
if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
- return $_REQUEST['_wp_original_http_referer'];
+ return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
return false;
}