Changeset 6751

Timestamp:

02/07/2008 06:23:51 PM (17 years ago)

Author:

ryan

Message:

wp_safe_redirect() for 2.0. Props markjaquith and snakefoot. fixes #4606 for 2.0

Location:

branches/2.0

Files:

• wp-includes/pluggable-functions.php (modified) (2 diffs)
• wp-login.php (modified) (2 diffs)
• wp-pass.php (modified) (1 diff)

branches/2.0/wp-includes/pluggable-functions.php

@@ -260 +260 @@
     global $is_IIS;
 
+    $location = apply_filters('wp_redirect', $location, $status);
+
+    if ( !$location ) // allows the wp_redirect filter to cancel a redirect
+        return false;
+
+    $location = wp_sanitize_redirect($location);
+
+    if ( $is_IIS ) {
+        header("Refresh: 0;url=$location");
+    } else {
+        if ( php_sapi_name() != 'cgi-fcgi' )
+            status_header($status); // This causes problems on IIS and some FastCGI setups
+        header("Location: $location");
+    }
+}
+endif;
+
+if ( !function_exists('wp_sanitize_redirect') ) :
+/**
+* sanitizes a URL for use in a redirect
+* @return string redirect-sanitized URL
+**/
+function wp_sanitize_redirect($location) {
     $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
+    $location = wp_kses_no_null($location);
 
     // remove %0d and %0a from location
@@ -274 +298 @@
         }
     }
-
-    if ( $is_IIS ) {
-        header("Refresh: 0;url=$location");
-    } else {
-        if ( php_sapi_name() != 'cgi-fcgi' )
-            status_header($status); // This causes problems on IIS and some FastCGI setups
-        header("Location: $location");
-    }
+    return $location;
+}
+endif;
+
+if ( !function_exists('wp_safe_redirect') ) :
+/**
+* performs a safe (local) redirect, using wp_redirect()
+* @return void
+**/
+function wp_safe_redirect($location, $status = 302) {
+
+    // Need to look at the URL the way it will end up in wp_redirect()
+    $location = wp_sanitize_redirect($location);
+
+    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
+    if ( substr($location, 0, 2) == '//' )
+        $location = 'http:' . $location;
+
+    $lp  = parse_url($location);
+    $wpp = parse_url(get_option('home'));
+
+    $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']));
+
+    if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
+        $location = get_option('siteurl') . '/wp-admin/';
+    
+    wp_redirect($location, $status);
 }
 endif;

branches/2.0/wp-login.php

@@ -30 +30 @@
         $redirect_to = $_REQUEST['redirect_to'];
             
-    wp_redirect($redirect_to);
+    wp_safe_redirect($redirect_to);
     exit();
 
@@ -199 +199 @@
                 wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);
             do_action('wp_login', $user_login);
-            wp_redirect($redirect_to);
+            wp_safe_redirect($redirect_to);
             exit;
         } else {

branches/2.0/wp-pass.php

@@ -8 +8 @@
 setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
 
-wp_redirect(wp_get_referer());
+wp_safe_redirect(wp_get_referer());
 ?>