WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/21/2016 02:19:01 PM (4 years ago)
Author:
ocean90
Message:

Customize: Make sure that preview and return URLs are URLs.

Merge of [37527] to the 3.9 branch.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.9/src/wp-admin/customize.php

    r27907 r37777  
    1818wp_reset_vars( array( 'url', 'return' ) );
    1919$url = urldecode( $url );
     20$url = esc_url_raw( $url );
    2021$url = wp_validate_redirect( $url, home_url( '/' ) );
    2122if ( $return )
    22     $return = wp_validate_redirect( urldecode( $return ) );
     23    $return = wp_validate_redirect( esc_url_raw( urldecode( $return ) ) );
    2324if ( ! $return )
    2425    $return = $url;
Note: See TracChangeset for help on using the changeset viewer.