From 19b1303e66156840ffab51b652a1c0442442e535 Mon Sep 17 00:00:00 2001
From: Dominik Schilling <dominikschilling+git@gmail.com>
Date: Tue, 3 Apr 2018 15:34:27 +0000
Subject: [PATCH] Login: Use `wp_safe_redirect()` when redirecting the login
 page if forced to use HTTPS.

Merge of [42892] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@42905


git-svn-id: http://core.svn.wordpress.org/branches/3.9@42735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-login.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-login.php b/wp-login.php
index 392615120e..14a6bfb4ee 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -14,10 +14,10 @@ require( dirname(__FILE__) . '/wp-load.php' );
 // Redirect to https login if forced to use SSL
 if ( force_ssl_admin() && ! is_ssl() ) {
 	if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
-		wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
+		wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
 		exit();
 	} else {
-		wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+		wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
 		exit();
 	}
 }