Make WordPress Core


Ignore:
Timestamp:
09/10/2013 06:06:43 PM (11 years ago)
Author:
nacin
Message:

Validate referrers to prevent off-domain redirects.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r25273 r25318  
    965965 **/
    966966function wp_validate_redirect($location, $default = '') {
     967    $location = trim( $location );
    967968    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    968969    if ( substr($location, 0, 2) == '//' )
Note: See TracChangeset for help on using the changeset viewer.