Changeset 40691

Timestamp:

05/16/2017 08:40:15 AM (8 years ago)

Author:

swissspidy

Message:

Improve redirect handling

Merges[40689] to the 4.7 branch.

Location:

branches/4.6

Files:

• . (modified) (1 prop)
• src/wp-includes/class-http.php (modified) (2 diffs)

branches/4.6/src/wp-includes/class-http.php

@@ -311 +311 @@
         $options['hooks']->register( 'requests.before_redirect', array( get_class(), 'browser_redirect_compatibility' ) );
 
+        // Validate redirected URLs.
+        if ( function_exists( 'wp_kses_bad_protocol' ) && $r['reject_unsafe_urls'] ) {
+            $options['hooks']->register( 'requests.before_redirect', array( get_class(), 'validate_redirects' ) );
+        }
+
         if ( $r['stream'] ) {
             $options['filename'] = $r['filename'];
@@ -468 +473 @@
         if ( $original->status_code === 302 ) {
             $options['type'] = Requests::GET;
+        }
+    }
+
+    /**
+     * Validate redirected URLs.
+     *
+     * @throws Requests_Exception On unsuccessful URL validation
+     * @param string $location URL to redirect to.
+     */
+    public static function validate_redirects( $location ) {
+        if ( ! wp_http_validate_url( $location ) ) {
+            throw new Requests_Exception( __('A valid URL was not provided.'), 'wp_http.redirect_failed_validation' );
         }
     }