Make WordPress Core


Ignore:
Timestamp:
06/21/2016 02:18:28 PM (8 years ago)
Author:
ocean90
Message:

Customize: Make sure that preview and return URLs are URLs.

Merge of [37527] to the 4.0 branch.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/4.0/src/wp-admin/customize.php

    r29610 r37775  
    1919wp_reset_vars( array( 'url', 'return' ) );
    2020$url = wp_unslash( $url );
     21$url = esc_url_raw( $url );
    2122$url = wp_validate_redirect( $url, home_url( '/' ) );
    2223if ( $return ) {
    2324    $return = wp_unslash( $return );
     25    $return = esc_url_raw( $return );
    2426    $return = wp_validate_redirect( $return );
    2527}
Note: See TracChangeset for help on using the changeset viewer.