Make WordPress Core


Ignore:
Timestamp:
09/10/2013 06:42:32 PM (11 years ago)
Author:
nacin
Message:

Validate referrers to prevent off-domain redirects. Merges [25318] to 3.6.

Location:
branches/3.6
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.6

  • branches/3.6/wp-includes/pluggable.php

    r24649 r25323  
    943943 **/
    944944function wp_validate_redirect($location, $default = '') {
     945    $location = trim( $location );
    945946    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    946947    if ( substr($location, 0, 2) == '//' )
Note: See TracChangeset for help on using the changeset viewer.