Changeset 36266
- Timestamp:
- 01/12/2016 08:31:10 AM (9 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
trunk/src/wp-includes/functions.php
r36242 r36266 1518 1518 */ 1519 1519 function wp_get_referer() { 1520 if ( ! function_exists( 'wp_validate_redirect' ) ) 1520 if ( ! function_exists( 'wp_validate_redirect' ) ) { 1521 1521 return false; 1522 $ref = false; 1523 if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) 1524 $ref = wp_unslash( $_REQUEST['_wp_http_referer'] ); 1525 elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) ) 1526 $ref = wp_unslash( $_SERVER['HTTP_REFERER'] ); 1522 } 1523 1524 $ref = wp_get_raw_referer(); 1527 1525 1528 1526 if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) && $ref !== home_url() . wp_unslash( $_SERVER['REQUEST_URI'] ) ) { 1529 1527 return wp_validate_redirect( $ref, false ); 1528 } 1529 1530 return false; 1531 } 1532 1533 /** 1534 * Retrieve unvalidated referer from '_wp_http_referer' or HTTP referer. 1535 * 1536 * Do not use for redirects, use wp_get_referer() instead. 1537 * 1538 * @since 4.5.0 1539 * 1540 * @return string|bool Referer URL on success, false on failure. 1541 */ 1542 function wp_get_raw_referer() { 1543 if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) { 1544 return wp_unslash( $_REQUEST['_wp_http_referer'] ); 1545 } else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) { 1546 return wp_unslash( $_SERVER['HTTP_REFERER'] ); 1530 1547 } 1531 1548 -
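Review bot: wp_get_raw_referer() returns `$_REQUEST['_wp_http_referer']` without checking that it is a string, so the `@return string|bool` in its docblock is not guaranteed; a request parameter can arrive as an array, and wp_unslash() appears to pass arrays through. wp_get_referer() then hands that value to wp_validate_redirect(). A guard such as `if ( ! empty( $_REQUEST['_wp_http_referer'] ) && is_string( $_REQUEST['_wp_http_referer'] ) ) {` would keep the documented type. The docblock should also say that both sources are client-supplied and that the result must be escaped (for example with esc_url()) before output or storage, not only kept away from redirects. The function's final return lies outside the hunk.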
trunk/tests/phpunit/tests/functions/referer.php
r36242 r36266 7 7 */ 8 8 class Tests_Functions_Referer extends WP_UnitTestCase { 9 private $request = array();10 private $server = array();11 12 9 public function setUp() { 13 10 parent::setUp(); 14 11 15 $this->server = $_SERVER; 16 $this->request = $_REQUEST; 12 $_SERVER['HTTP_REFERER'] = ''; 13 $_SERVER['REQUEST_URI'] = ''; 14 $_REQUEST['_wp_http_referer'] = ''; 17 15 } 18 16 … … 20 18 parent::tearDown(); 21 19 22 $_SERVER = $this->server; 23 $_REQUEST = $this->request; 20 $_SERVER['HTTP_REFERER'] = ''; 21 $_SERVER['REQUEST_URI'] = ''; 22 $_REQUEST['_wp_http_referer'] = ''; 24 23 } 25 24 … … 123 122 remove_filter( 'allowed_redirect_hosts', array( $this, 'filter_allowed_redirect_hosts' ) ); 124 123 } 124 125 /** 126 * @ticket 27152 127 */ 128 public function test_raw_referer_empty( ) { 129 $this->assertFalse( wp_get_raw_referer() ); 130 } 131 132 /** 133 * @ticket 27152 134 */ 135 public function test_raw_referer( ) { 136 $_SERVER['HTTP_REFERER'] = addslashes( 'http://example.com/foo?bar' ); 137 $this->assertSame( 'http://example.com/foo?bar', wp_get_raw_referer() ); 138 } 139 140 /** 141 * @ticket 27152 142 */ 143 public function test_raw_referer_from_request( ) { 144 $_REQUEST['_wp_http_referer'] = addslashes( 'http://foo.bar/baz' ); 145 $this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() ); 146 } 147 148 /** 149 * @ticket 27152 150 */ 151 public function test_raw_referer_both( ) { 152 $_SERVER['HTTP_REFERER'] = addslashes( 'http://example.com/foo?bar' ); 153 $_REQUEST['_wp_http_referer'] = addslashes( 'http://foo.bar/baz' ); 154 $this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() ); 155 } 125 156 }
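Review bot: setUp() and tearDown() now overwrite `$_SERVER['HTTP_REFERER']`, `$_SERVER['REQUEST_URI']` and `$_REQUEST['_wp_http_referer']` with empty strings instead of restoring what was there before the test, so any earlier `REQUEST_URI` value is lost for tests that run afterwards, unless the base class resets it. Keeping the removed save-and-restore for these three keys would avoid that. test_raw_referer_empty() also covers only keys set to `''`; a case that first runs `unset( $_SERVER['HTTP_REFERER'], $_REQUEST['_wp_http_referer'] );` and one with a non-string `_wp_http_referer` would pin the documented `string|bool` return. The tearDown() signature is outside the visible hunk.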