Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Better redirect cleaning. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@1751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
saxmatt 2004-10-05 16:22:31 +00:00
parent 976175ef60
commit c1f391ae7e
4 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/options.php
View File

@ -86,7 +86,7 @@ case 'update':
$referred = str_replace('?updated=true' , '', $_SERVER['HTTP_REFERER']);
$goback = str_replace('?updated=true', '', $_SERVER['HTTP_REFERER']) . '?updated=true';
$goback = preg_replace('|[^a-z?=&/~.:_-]|i', '', $goback);
$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
header('Location: ' . $goback);
break;

2
wp-admin/post.php
View File

@ -458,7 +458,7 @@ case 'delete':
$sendback = $_SERVER['HTTP_REFERER'];
if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
$sendback = preg_replace('|[^a-z?=&/~.:_-]|i', '', $sendback);
$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
header ('Location: ' . $sendback);
do_action('delete_post', $post_id);
break;

10
wp-comments-post.php
View File

@ -89,16 +89,16 @@ if ((get_settings('comments_notify')) && ($approved)) {
wp_notify_postauthor($comment_ID, 'comment');
}
setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
setcookie('comment_author_' . COOKIEHASH, stripslashes($author), time() + 30000000, COOKIEPATH);
setcookie('comment_author_email_' . COOKIEHASH, stripslashes($email), time() + 30000000, COOKIEPATH);
setcookie('comment_author_url_' . COOKIEHASH, stripslashes($url), time() + 30000000, COOKIEPATH);
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
$location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to'];
$location = preg_replace('|[^a-z?=&/~.:_-]|i', '', $location);
$location = get_permalink($comment_ID);
if ($is_IIS) {
header("Refresh: 0;url=$location");

2
wp-login.php
View File

@ -139,7 +139,7 @@ default:
if( !empty($_POST) ) {
$log = $_POST['log'];
$pwd = $_POST['pwd'];
$redirect_to = preg_replace('|[^a-z?=&/~.:_-]|i', '', $_POST['redirect_to']);
$redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_POST['redirect_to']);
}
$user = get_userdatabylogin($log);