
Changeset 54449


Timestamp:
10/10/2022 06:57:44 PM (2 years ago)
Author:
audrasjb
Message:

General: Remove instances of _wp_http_referer from GET forms in the admin.

This changeset removes all instances of _wp_http_referer variable from the URL when creating a hidden input for _wp_http_referer. It prevents the hidden field from having an additional version of _wp_http_referer each time the form is submitted.

Props msolution, justinahinon, pbearne, mikeschroder, mukesh27, audrasjb, Clorith, chaion07, robinwpdeveloper, hztyfoon, davidbaumwald, costdev, adamsilverstein.
Fixes #54106.

Location:
trunk
Files:
2 edited

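--- a/trunk/src/wp-includes/functions.php
+++ b/trunk/src/wp-includes/functions.php
@@ -1900,5 +1900,6 @@
  */
 function wp_referer_field( $echo = true ) {
-    $referer_field = '<input type="hidden" name="_wp_http_referer" value="' . esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
+    $request_url   = remove_query_arg( '_wp_http_referer' );
+    $referer_field = '<input type="hidden" name="_wp_http_referer" value="' . esc_url( $request_url ) . '" />';
 
     if ( $echo ) {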
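Review bot: The rewritten `$referer_field` line no longer applies `wp_unslash()` and replaces `esc_attr()` with `esc_url()`, which sanitizes the URL rather than only escaping it for the attribute, and nothing next to it says why that is safe for a value taken from the request. `remove_query_arg()` is called without a URL, so it presumably works on the current request URI, which the client controls and which lands inside a quoted HTML attribute. I would add a comment above the two new lines such as `// The request URI is client-controlled: strip any nested _wp_http_referer, then let esc_url() sanitize it for the value attribute.` and confirm that dropping the unslash step does not change the emitted value for URIs containing quotes or backslashes. The function body continues past the end of the hunk.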
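--- a/trunk/tests/phpunit/tests/functions/wpRefererField.php
+++ b/trunk/tests/phpunit/tests/functions/wpRefererField.php
@@ -30,3 +30,49 @@
         $this->assertSame( '<input type="hidden" name="_wp_http_referer" value="/test/" />', wp_referer_field( false ) );
     }
+
+    /**
+     * Tests that the echo argument is respected.
+     *
+     * @ticket 54106
+     *
+     * @dataProvider data_wp_referer_field_should_respect_echo_arg
+     *
+     * @param mixed $echo Whether to echo or return the referer field.
+     */
+    public function test_wp_referer_field_should_respect_echo_arg( $echo ) {
+        $actual = $echo ? get_echo( 'wp_referer_field' ) : wp_referer_field( false );
+
+        $this->assertSame( '<input type="hidden" name="_wp_http_referer" value="" />', $actual );
+    }
+
+    /**
+     * Data provider for test_wp_referer_field_should_respect_echo_arg().
+     *
+     * @return array
+     */
+    public function data_wp_referer_field_should_respect_echo_arg() {
+        return array(
+            'true'         => array( true ),
+            '(int) 1'      => array( 1 ),
+            '(string) "1"' => array( '1' ),
+            'false'        => array( false ),
+            'null'         => array( null ),
+            '(int) 0'      => array( 0 ),
+            '(string) "0"' => array( '0' ),
+        );
+    }
+
+    /**
+     * @ticket 54106
+     */
+    public function test_wp_referer_field_with_referer() {
+        $old_request_uri        = $_SERVER['REQUEST_URI'];
+        $_SERVER['REQUEST_URI'] = 'edit.php?_wp_http_referer=edit.php';
+
+        $actual = wp_referer_field( false );
+
+        $_SERVER['REQUEST_URI'] = $old_request_uri;
+
+        $this->assertSame( '<input type="hidden" name="_wp_http_referer" value="edit.php" />', $actual );
+    }
 }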
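Review bot: `test_wp_referer_field_should_respect_echo_arg()` never hands the provider value to the function under test: the truthy branch calls `get_echo( 'wp_referer_field' )` with no arguments and the falsy branch hard-codes `wp_referer_field( false )`, so `1`, `'1'`, `null`, `0` and `'0'` only choose a branch and are not exercised as the `$echo` argument. Passing the value through would make the test match its docblock, e.g. `$actual = $echo ? get_echo( 'wp_referer_field', array( $echo ) ) : wp_referer_field( $echo );`. Separately, none of the added cases covers the escaping change itself; a case that sets `$_SERVER['REQUEST_URI']` to a value containing a double quote or angle bracket and asserts the returned markup keeps the `value` attribute intact would pin the `esc_url()` behaviour the field now depends on.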