Timestamp:
03/01/2013 05:58:43 PM (12 years ago)
Author:
nacin
Message:

Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer().

Use wp_slash() instead of addslashes().

see #21767.

File:
1 edited

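--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -1234,6 +1234,5 @@
  */
 function wp_referer_field( $echo = true ) {
-    $ref = esc_attr( $_SERVER['REQUEST_URI'] );
-    $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
+    $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
 
     if ( $echo )
@@ -1258,7 +1257,8 @@
  */
 function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
-    $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
-    $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
-    $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />';
+    if ( ! $ref = wp_get_original_referer() ) {
+        $ref = 'previous' == $jump_back_to ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] );
+    }
+    $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( $ref ) . '" />';
     if ( $echo )
         echo $orig_referer_field;
@@ -1279,9 +1279,9 @@
     $ref = false;
     if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
-        $ref = $_REQUEST['_wp_http_referer'];
+        $ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
     else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
-        $ref = $_SERVER['HTTP_REFERER'];
-
-    if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
+        $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
+
+    if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
         return wp_unslash( $ref );
     return false;
@@ -1299,5 +1299,5 @@
 function wp_get_original_referer() {
     if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
-        return $_REQUEST['_wp_original_http_referer'];
+        return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
     return false;
 }
@@ -3907,5 +3907,5 @@
 /**
  * Output the JS that shows the wp-login iframe when the user is no longer logged in
- */ 
+ */
 function wp_auth_check_js() {
     ?>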
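Review bot: In the wp_get_referer() hunk, the unchanged line 1286 still reads `return wp_unslash( $ref );` although both branches that assign `$ref` now unslash it, so the value is unslashed twice. A referer containing a literal backslash would then come back different from the value that was just compared against the unslashed REQUEST_URI; `return $ref;` keeps the returned value identical to the compared one. The function's signature and closing brace are outside the hunk, but every assignment to `$ref` between the initialisation and the return is visible. Separately, the docblocks of wp_get_referer() and wp_get_original_referer() could state that the value is request-supplied and unvalidated, for example `Callers that redirect to this value should pass it through wp_validate_redirect() or use wp_safe_redirect().`, since it comes straight from `$_REQUEST` or the Referer header.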