Make WordPress Core


Ignore:
Timestamp:
01/09/2016 02:35:03 PM (8 years ago)
Author:
swissspidy
Message:

Ensure wp_get_referer() returns false when the referrer URL is the current URL.

Adds unit tests.

Fixes #19856.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/functions.php

    r36090 r36242  
    15261526        $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
    15271527
    1528     if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
     1528    if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) && $ref !== home_url() . wp_unslash( $_SERVER['REQUEST_URI'] ) ) {
    15291529        return wp_validate_redirect( $ref, false );
     1530    }
     1531
    15301532    return false;
    15311533}
Note: See TracChangeset for help on using the changeset viewer.