Changeset 23554 for trunk/wp-admin/users.php
- Timestamp:
- 03/01/2013 04:28:40 PM (12 years ago)
- File:
-
- 1 edited
trunk/wp-admin/users.php
r23416 r23554 65 65 66 66 if ( empty($_REQUEST) ) { 67 $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] )) . '" />';67 $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />'; 68 68 } elseif ( isset($_REQUEST['wp_http_referer']) ) { 69 $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ));69 $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer'])); 70 70 $referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />'; 71 71 } else { … … 358 358 359 359 if ( !empty($_GET['_wp_http_referer']) ) { 360 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ));360 wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']))); 361 361 exit; 362 362 } … … 382 382 if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) { 383 383 $messages[] = '<div id="message" class="updated"><p>' . sprintf( __( 'New user created. <a href="%s">Edit user</a>' ), 384 esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),384 esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), 385 385 self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '</p></div>'; 386 386 } else {
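Review bot: On line 69, `stripslashes($_REQUEST['wp_http_referer'])` is guarded only by `isset()`, so a request that sends `wp_http_referer` as an array reaches a string-only function; this assumes the `stripslashes()` lines are the r23554 side, which the column header suggests but the flattened page does not mark. `wp_unslash()` accepted arrays, whereas `stripslashes()` raises a type warning (a `TypeError` on PHP 8) and `$redirect` is then built from a non-string. I would tighten the branch condition to `} elseif ( isset( $_REQUEST['wp_http_referer'] ) && is_string( $_REQUEST['wp_http_referer'] ) ) {` so a malformed parameter falls through to the `else` branch. The `if`/`elseif`/`else` chain continues past the end of this hunk, so the fallback branch should be checked to confirm it yields a sane `$referer`.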