WordPress.org

Make WordPress Core

Changeset 42892


Ignore:
Timestamp:
04/03/2018 02:31:16 PM (7 weeks ago)
Author:
ocean90
Message:

Login: Use wp_safe_redirect() when redirecting the login page if forced to use HTTPS.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-login.php

    r42843 r42892  
    1515if ( force_ssl_admin() && ! is_ssl() ) {
    1616    if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
    17         wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
     17        wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
    1818        exit();
    1919    } else {
    20         wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
     20        wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
    2121        exit();
    2222    }
Note: See TracChangeset for help on using the changeset viewer.