wp_get_referer() and friends from robmiller and markjaquith. fixes #2800

git-svn-id: http://svn.automattic.com/wordpress/trunk@3908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-06-24 05:38:37 +00:00 · 2006-06-24 05:38:37 +00:00 · 9876a3606f
parent e232ef9a32
commit 9876a3606f
3 changed files with 31 additions and 3 deletions
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@ -77,8 +77,8 @@ case 'update':
 			//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
    }
    
-	$referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
-	$goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
+	$referred = remove_query_arg('updated' , wp_get_referer());
+	$goback = add_query_arg('updated', 'true', wp_get_referer());
 	$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
 	wp_redirect($goback);
    break;
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@ -811,6 +811,34 @@ function wp_nonce_url($actionurl, $action = -1) {

 function wp_nonce_field($action = -1) {
 	echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
+	wp_referer_field();
+}
+
+function wp_referer_field() {
+	$ref = ( false === wp_get_referer() ) ? $_SERVER['REQUEST_URI'] : wp_get_referer();
+	$ref = wp_specialchars(stripslashes($ref));
+	echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
+	if ( wp_get_original_referer() ) {
+		$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+		echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
+	}
+}
+
+function wp_original_referer_field() {
+	echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+}
+
+function wp_get_referer() {
+	foreach ( array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER']) as $ref )
+		if ( !empty($ref) )
+			return $ref;
+	return false;
+}
+
+function wp_get_original_referer() {
+	if ( !empty($_REQUEST['_wp_original_http_referer']) )
+		return $_REQUEST['_wp_original_http_referer'];
+	return false;
 }

 function wp_mkdir_p($target) {
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -231,7 +231,7 @@ if ( !function_exists('check_admin_referer') ) :
 function check_admin_referer($action = -1) {
 	global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
 	$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
-	$referer = strtolower($_SERVER['HTTP_REFERER']);
+	$referer = strtolower(wp_get_referer());
 	if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
 		!(-1 == $action && strstr($referer, $adminurl)) ) {
 		if ( $referer )