WordPress.org

Make WordPress Core


Ignore:
Timestamp:
01/12/2015 01:56:04 AM (6 years ago)
Author:
jeremyfelt
Message:

Update home and siteurl after path slashes are validated in update_blog_details()

When editing a site, if home and siteurl are checked to be updated along with a site's domain and path, they should receive the results of any modifications in update_blog_details() rather than trusting the POST data.

Previously, it was possible to save a value without a leading slash on the path, causing an invalid URL to be stored.

Props earnjam.

Fixes #30417.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/network/site-info.php

    r30578 r31156  
    5151    switch_to_blog( $id );
    5252
    53     if ( isset( $_POST['update_home_url'] ) && $_POST['update_home_url'] == 'update' ) {
    54         $blog_address = esc_url_raw( $_POST['blog']['domain'] . $_POST['blog']['path'] );
    55         if ( get_option( 'siteurl' ) != $blog_address )
    56             update_option( 'siteurl', $blog_address );
    57 
    58         if ( get_option( 'home' ) != $blog_address )
    59             update_option( 'home', $blog_address );
    60     }
    61 
    6253    // Rewrite rules can't be flushed during switch to blog.
    6354    delete_option( 'rewrite_rules' );
     
    7465    }
    7566    update_blog_details( $id, $blog_data );
     67
     68    if ( isset( $_POST['update_home_url'] ) && $_POST['update_home_url'] == 'update' ) {
     69        $new_details = get_blog_details( $id, false );
     70        $blog_address = esc_url_raw( $new_details->domain . $new_details->path );
     71        if ( get_option( 'siteurl' ) != $blog_address ) {
     72            update_option( 'siteurl', $blog_address );
     73        }
     74        if ( get_option( 'home' ) != $blog_address ) {
     75            update_option( 'home', $blog_address );
     76        }
     77    }
    7678
    7779    restore_current_blog();
Note: See TracChangeset for help on using the changeset viewer.