From 40bcb404a32072830a54faddcac8242c91a2f48a Mon Sep 17 00:00:00 2001 From: Jeremy Felt Date: Mon, 12 Jan 2015 01:57:23 +0000 Subject: [PATCH] Update `home` and `siteurl` after path slashes are validated in `update_blog_details()` When editing a site, if `home` and `siteurl` are checked to be updated along with a site's domain and path, they should receive the results of any modifications in `update_blog_details()` rather than trusting the POST data. Previously, it was possible to save a value without a leading slash on the path, causing an invalid URL to be stored. Props earnjam. Fixes #30417. Built from https://develop.svn.wordpress.org/trunk@31156 git-svn-id: http://core.svn.wordpress.org/trunk@31137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/network/site-info.php | 20 +++++++++++---------
 wp-includes/version.php | 2 +-
 2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/wp-admin/network/site-info.php b/wp-admin/network/site-info.php
index 0e18020c88..bd7502aa1e 100644
--- a/wp-admin/network/site-info.php
+++ b/wp-admin/network/site-info.php
@@ -50,15 +50,6 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] ) {
 switch_to_blog( $id );
- if ( isset( $_POST['update_home_url'] ) && $_POST['update_home_url'] == 'update' ) {
- $blog_address = esc_url_raw( $_POST['blog']['domain'] . $_POST['blog']['path'] );
- if ( get_option( 'siteurl' ) != $blog_address )
- update_option( 'siteurl', $blog_address );
-
- if ( get_option( 'home' ) != $blog_address )
- update_option( 'home', $blog_address );
- }
-
 // Rewrite rules can't be flushed during switch to blog.
 delete_option( 'rewrite_rules' );
@@ -74,6 +65,17 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] ) {
 }
 update_blog_details( $id, $blog_data );
+ if ( isset( $_POST['update_home_url'] ) && $_POST['update_home_url'] == 'update' ) {
+ $new_details = get_blog_details( $id, false );
+ $blog_address = esc_url_raw( $new_details->domain . $new_details->path );
+ if ( get_option( 'siteurl' ) != $blog_address ) {
+ update_option( 'siteurl', $blog_address );
+ }
+ if ( get_option( 'home' ) != $blog_address ) {
+ update_option( 'home', $blog_address );
+ }
+ }
+
 restore_current_blog();
 wp_redirect( add_query_arg( array( 'update' => 'updated', 'id' => $id ), 'site-info.php') );
 exit;
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 4e90c73e79..560b68d62a 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.2-alpha-31155';
+$wp_version = '4.2-alpha-31156';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
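Review bot: The result of `get_blog_details( $id, false )` is dereferenced without a check in the added `update_home_url` block of site-info.php; that function returns false when the site row cannot be loaded, and in that case `$blog_address` would come out empty and both `update_option()` calls would be asked to overwrite `siteurl` and `home` with it. Guarding the block with `if ( $new_details && '' !== $new_details->domain ) {` keeps a failed lookup from blanking the site's URLs. Separately, the address is rebuilt from domain and path only, so `esc_url_raw()` receives a scheme-less string and, as far as I know, prepends `http://`; on a site already served over HTTPS this would silently downgrade the stored scheme, so carrying over the scheme of the existing `home` value (or at least a comment stating the limitation) is worth considering. The enclosing `update-site` handler starts and ends outside the hunk.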