WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/03/2018 03:29:21 PM (19 months ago)
Author:
ocean90
Message:

Login: Use wp_safe_redirect() when redirecting the login page if forced to use HTTPS.

Merge of [42892] to the 4.0 branch.

Location:
branches/4.0
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.0

  • branches/4.0/src/wp-login.php

    r30418 r42904  
    1515if ( force_ssl_admin() && ! is_ssl() ) {
    1616    if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
    17         wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
     17        wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
    1818        exit();
    1919    } else {
    20         wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
     20        wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
    2121        exit();
    2222    }
Note: See TracChangeset for help on using the changeset viewer.