Index: src/wp-admin/includes/ms.php
===================================================================
--- src/wp-admin/includes/ms.php	(revision 28206)
+++ src/wp-admin/includes/ms.php	(working copy)
@@ -670,10 +670,10 @@
 		<tr>
 			<th scope="row" colspan="2" class="th-full">
 				<?php
-				$signup_url = network_site_url( 'wp-signup.php' );
 				/** This filter is documented in wp-login.php */
+				$sign_up_url = apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) );
 				?>
-				<a href="<?php echo apply_filters( 'wp_signup_location', $signup_url ); ?>"><?php _e( 'Create a New Site' ); ?></a>
+				<a href="<?php echo esc_url( $sign_up_url ); ?>"><?php _e( 'Create a New Site' ); ?></a>
 			</th>
 		</tr>
 	<?php endif; ?>
Index: src/wp-includes/canonical.php
===================================================================
--- src/wp-includes/canonical.php	(revision 28206)
+++ src/wp-includes/canonical.php	(working copy)
@@ -295,11 +295,13 @@
 		}
 
 		if ( 'wp-register.php' == basename( $redirect['path'] ) ) {
-			if ( is_multisite() )
+			if ( is_multisite() ) {
 				/** This filter is documented in wp-login.php */
 				$redirect_url = apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) );
-			else
+			} else {
 				$redirect_url = site_url( 'wp-login.php?action=register' );
+			}
+
 			wp_redirect( $redirect_url, 301 );
 			die();
 		}
Index: src/wp-login.php
===================================================================
--- src/wp-login.php	(revision 28208)
+++ src/wp-login.php	(working copy)
@@ -643,7 +643,6 @@
 
 case 'register' :
 	if ( is_multisite() ) {
-		$sign_up_url = network_site_url( 'wp-signup.php' );
 		/**
 		 * Filter the Multisite sign up URL.
 		 *
@@ -651,7 +650,7 @@
 		 *
 		 * @param string $sign_up_url The sign up URL.
 		 */
-		wp_redirect( apply_filters( 'wp_signup_location', $sign_up_url ) );
+		wp_redirect( apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ) );
 		exit;
 	}