From dbd3d072748563f1c6d8bf19234697f4a584b57d Mon Sep 17 00:00:00 2001
From: markjaquith <markjaquith@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Tue, 18 Sep 2007 22:23:16 +0000
Subject: [PATCH] Introducing wp_safe_redirect().  fixes #4606 for trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@6131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 18 ++++++++++++++++++
 wp-login.php              |  4 ++--
 wp-pass.php               |  2 +-
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index ca4226aec8..fbd5bb0954 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -399,6 +399,24 @@ function wp_redirect($location, $status = 302) {
 }
 endif;
 
+if ( !function_exists('wp_safe_redirect') ) :
+/**
+ * performs a safe (local) redirect, using wp_redirect()
+ * @return void
+ **/
+function wp_safe_redirect($location, $status = 302) {
+	if ( $location{0} == '/' ) {
+		if ( $location{1} == '/' )
+			$location = get_option('home') . '/';
+	} else {
+		if ( substr($location, 0, strlen(get_option('home'))) != get_option('home') )
+			$location = get_option('home') . '/';
+	}
+
+	wp_redirect($location, $status);
+}
+endif;
+
 if ( !function_exists('wp_get_cookie_login') ):
 function wp_get_cookie_login() {
 	if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) )
diff --git a/wp-login.php b/wp-login.php
index 2c62214746..866b90237a 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -78,7 +78,7 @@ case 'logout' :
 	if ( isset( $_REQUEST['redirect_to'] ) )
 		$redirect_to = $_REQUEST['redirect_to'];
 
-	wp_redirect($redirect_to);
+	wp_safe_redirect($redirect_to);
 	exit();
 
 break;
@@ -324,7 +324,7 @@ default:
 			if ( !$using_cookie )
 				wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);
 			do_action('wp_login', $user_login);
-			wp_redirect($redirect_to);
+			wp_safe_redirect($redirect_to);
 			exit();
 		} else {
 			if ( $using_cookie )
diff --git a/wp-pass.php b/wp-pass.php
index e1cb4e055e..709a63b07f 100644
--- a/wp-pass.php
+++ b/wp-pass.php
@@ -7,5 +7,5 @@ if ( get_magic_quotes_gpc() )
 // 10 days
 setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
 
-wp_redirect(wp_get_referer());
+wp_safe_redirect(wp_get_referer());
 ?>
\ No newline at end of file