Make WordPress Core


Ignore:
Timestamp:
03/01/2013 05:20:32 PM (12 years ago)
Author:
ryan
Message:

Always wp_unslash() the return of wp_get_referer().

see #21767

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/functions.php

    r23554 r23570  
    12841284
    12851285    if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
    1286         return $ref;
     1286        return wp_unslash( $ref );
    12871287    return false;
    12881288}
Note: See TracChangeset for help on using the changeset viewer.