

Always wp_unslash() the return of wp_get_referer().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ryan Boren committed Mar 1, 2013
1 parent f23bcb8 commit 09d2c65
Showing 4 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion wp-admin/edit-form-advanced.php
Expand Up @@ -314,7 +314,7 @@
<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" />
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" />
<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_get_referer()); ?>" />
<?php if ( ! empty( $active_post_lock ) ) { ?>
<input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" />
<?php
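Review bot: The hidden `referredby` value on the new line is the client-supplied Referer header run through esc_url(), which is the right escaping for an HTML attribute but does not establish that the URL belongs to this site. Moving the unslash into wp_get_referer() does not make the value trusted; if the field is later read back and used as a redirect target (not visible in this hunk), it still has to go through wp_validate_redirect() or wp_safe_redirect() at that point. A short comment on the line would help the next reader, e.g. `<!-- referer is client-controlled: validate before redirecting on it -->` placed in the PHP rather than the markup. The surrounding form markup continues outside the hunk.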
2 changes: 1 addition & 1 deletion wp-admin/upgrade.php
Expand Up @@ -77,7 +77,7 @@
<?php else :
switch ( $step ) :
case 0:
$goback = wp_unslash( wp_get_referer() );
$goback = wp_get_referer();
$goback = esc_url_raw( $goback );
$goback = urlencode( $goback );
?>
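Review bot: esc_url_raw() on the line after the change only constrains the scheme and characters of the referer; if `$goback` is later emitted as a "go back" link or used for a redirect (past the hunk), an off-site Referer still passes through, so wp_validate_redirect() would be the appropriate filter at that use. wp_get_referer() can return false (its `return false;` is visible in the functions.php section of this commit), which this chain tolerates because urlencode() of an empty or false value is an empty string; that deserves a comment, e.g. `// wp_get_referer() may be false; the chain below yields '' in that case.` As a style point, the three assignments now read as one pipeline and could be `$goback = urlencode( esc_url_raw( wp_get_referer() ) );`. The enclosing switch/case continues outside the hunk.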
2 changes: 1 addition & 1 deletion wp-admin/user-edit.php
Expand Up @@ -54,7 +54,7 @@
'<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
);

$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
$wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer );

$user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
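Review bot: The stripslashes() dropped on the new line acted on `$wp_http_referer`, which is not assigned from wp_get_referer() anywhere visible in this hunk; if it is populated from a request variable elsewhere in the file (for instance via wp_reset_vars()), removing the strip here is only correct if that path now unslashes, and that should be confirmed rather than inferred from the commit title. The value remains client-controlled after remove_query_arg(), so wherever it is finally used as a link or redirect target it still needs wp_validate_redirect() or esc_url() as before. As a style point, the new call mixes `(array(` with a spaced ` )` closing paren; the WordPress convention would be `remove_query_arg( array( 'update', 'delete_count' ), $wp_http_referer );`.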

2 changes: 1 addition & 1 deletion wp-includes/functions.php
Expand Up @@ -1283,7 +1283,7 @@ function wp_get_referer() {
$ref = $_SERVER['HTTP_REFERER'];

if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
return $ref;
return wp_unslash( $ref );
return false;
}
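Review bot: With `return wp_unslash( $ref );` the function's docblock (above the hunk) should say that the return value is unslashed and that it is still the untrusted HTTP Referer, e.g. `@return string|false Unslashed referer URL, or false. Not validated; pass through wp_validate_redirect() or esc_url() before use.` The comparison on the preceding line still contrasts the raw `$ref` with the raw `$_SERVER['REQUEST_URI']`, which is internally consistent, but if an earlier branch of the function (outside the hunk) assigns an already-unslashed value to `$ref`, the self-referral check would compare mixed forms; worth checking. The function begins outside the hunk.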

