Changeset 23570
- Timestamp:
- 03/01/2013 05:20:32 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
trunk/wp-admin/edit-form-advanced.php
r23563 r23570 315 315 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" /> 316 316 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" /> 317 <input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_ unslash(wp_get_referer())); ?>" />317 <input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_get_referer()); ?>" /> 318 318 <?php if ( ! empty( $active_post_lock ) ) { ?> 319 319 <input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" /> -
trunk/wp-admin/upgrade.php
r23567 r23570 78 78 switch ( $step ) : 79 79 case 0: 80 $goback = wp_ unslash( wp_get_referer());80 $goback = wp_get_referer(); 81 81 $goback = esc_url_raw( $goback ); 82 82 $goback = urlencode( $goback ); -
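Review bot: `$goback` is a request-derived URL, and `esc_url_raw()` cleans the string without restricting which host it points to. The code that later reads the encoded value back is outside this hunk, so confirm it passes the decoded URL through `wp_validate_redirect()` before using it as a link or redirect target. wp_get_referer() can also return `false` (see the functions.php section), which this chain turns into an empty string; a comment such as `// empty when no usable referer was sent` would make that explicit. The `case 0:` block continues past the hunk.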
trunk/wp-admin/user-edit.php
r23554 r23570 55 55 ); 56 56 57 $wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));57 $wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer ); 58 58 59 59 $user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' ); -
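Review bot: The assignment of `$wp_http_referer` is not visible in this hunk, so it is unclear whether the value reaching `remove_query_arg()` is still unslashed now that `stripslashes()` is gone. The unslash this changeset adds lives in wp_get_referer(); if this variable is filled straight from the request instead, it stays slashed and the cleaned URL may carry stray backslashes. Either confirm the source, or keep one explicit unslash next to the assignment with a comment like `// request value, unslashed once here`. Whatever consumes the result should still escape and validate it as untrusted input.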
trunk/wp-includes/functions.php
r23554 r23570 1284 1284 1285 1285 if ( $ref && $ref !== $_SERVER['REQUEST_URI'] ) 1286 return $ref;1286 return wp_unslash( $ref ); 1287 1287 return false; 1288 1288 }
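Review bot: The return contract of wp_get_referer() changes here without documentation; the docblock (outside this hunk) should say the value is now returned unslashed, e.g. `@return string|bool False on failure. Referer URL, unslashed, on success.`. Callers that still apply `stripslashes()` or `wp_unslash()` to the result would now strip twice and drop legitimate backslashes; this changeset updates three call sites, and any others are not visible on this page. The `!==` comparison against `$_SERVER['REQUEST_URI']` still runs before unslashing, which is only consistent if both sides are slashed the same way, so a short comment saying so would help. The returned value remains request-controlled, so callers still need to escape and validate it for their output context.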