Changeset 58023
- Timestamp:
- 04/18/2024 06:22:19 AM (2 weeks ago)
- File:
-
- 1 edited
-
trunk/src/wp-login.php (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-login.php
r57801 r58023 793 793 wp_logout(); 794 794 795 if ( ! empty( $_REQUEST['redirect_to'] ) ) {795 if ( ! empty( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) { 796 796 $redirect_to = $_REQUEST['redirect_to']; 797 797 $requested_redirect_to = $redirect_to; … … 1297 1297 } 1298 1298 1299 if ( isset( $_REQUEST['redirect_to'] ) ) {1299 if ( isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) { 1300 1300 $redirect_to = $_REQUEST['redirect_to']; 1301 1301 // Redirect to HTTPS if user wants SSL. … … 1335 1335 } 1336 1336 1337 $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; 1337 $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; 1338 1338 1339 /** 1339 1340 * Filters the login redirect URL. … … 1439 1440 } elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) { 1440 1441 $errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' ); 1441 } elseif ( isset( $_GET['redirect_to'] ) && str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) ) { 1442 } elseif ( isset( $_GET['redirect_to'] ) && is_string( $_GET['redirect_to'] ) 1443 && str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) 1444 ) { 1442 1445 $query_component = wp_parse_url( $_GET['redirect_to'], PHP_URL_QUERY ); 1443 1446 $query = array();
Note: See TracChangeset
for help on using the changeset viewer.