Make WordPress Core


Ignore:
Timestamp:
10/10/2022 06:57:44 PM (2 years ago)
Author:
audrasjb
Message:

General: Remove instances of _wp_http_referer from GET forms in the admin.

This changeset removes all instances of _wp_http_referer variable from the URL when creating a hidden input for _wp_http_referer. It prevents the hidden field from having an additional version of _wp_http_referer each time the form is submitted.

Props msolution, justinahinon, pbearne, mikeschroder, mukesh27, audrasjb, Clorith, chaion07, robinwpdeveloper, hztyfoon, davidbaumwald, costdev, adamsilverstein.
Fixes #54106.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/functions.php

    r54309 r54449  
    19001900 */
    19011901function wp_referer_field( $echo = true ) {
    1902     $referer_field = '<input type="hidden" name="_wp_http_referer" value="' . esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
     1902    $request_url   = remove_query_arg( '_wp_http_referer' );
     1903    $referer_field = '<input type="hidden" name="_wp_http_referer" value="' . esc_url( $request_url ) . '" />';
    19031904
    19041905    if ( $echo ) {
Note: See TracChangeset for help on using the changeset viewer.