Validate referrers to prevent off-domain redirects. Merges [25318] to 3.6.

Built from https://develop.svn.wordpress.org/branches/3.6@25323 git-svn-id: http://core.svn.wordpress.org/branches/3.6@25285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 18:43:03 +00:00 · 2013-09-10 18:43:03 +00:00 · 0b4b9bfa2b
parent 85da1c49a1
commit 0b4b9bfa2b
2 changed files with 3 additions and 2 deletions
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@ -1283,7 +1283,7 @@ function wp_get_referer() {
 		$ref = wp_unslash( $_SERVER['HTTP_REFERER'] );

 	if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
-		return wp_unslash( $ref );
+		return wp_validate_redirect( $ref, false );
 	return false;
 }

@ -1298,7 +1298,7 @@ function wp_get_referer() {
 */
 function wp_get_original_referer() {
 	if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
-		return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
+		return wp_validate_redirect( wp_unslash( $_REQUEST['_wp_original_http_referer'] ), false );
 	return false;
 }

--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -942,6 +942,7 @@ if ( !function_exists('wp_validate_redirect') ) :
 * @return string redirect-sanitized URL
 **/
 function wp_validate_redirect($location, $default = '') {
+	$location = trim( $location );
 	// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
 	if ( substr($location, 0, 2) == '//' )
 		$location = 'http:' . $location;