Use wp_get_referer(). fixes #2800

git-svn-id: http://svn.automattic.com/wordpress/trunk@3918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-06-24 07:34:35 +00:00 · 2006-06-24 07:34:35 +00:00 · ec9b6242a3
parent f12797ca96
commit ec9b6242a3
7 changed files with 21 additions and 20 deletions
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@ -117,8 +117,8 @@ case 'deletecomment':
 	else
 		wp_delete_comment($comment->comment_ID);

-	if (($_SERVER['HTTP_REFERER'] != '') && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != '') && (false == $noredir)) {
+		header('Location: ' . wp_get_referer());
 	} else {
 		header('Location: '. get_settings('siteurl') .'/wp-admin/edit-comments.php');
 	}
@ -144,8 +144,8 @@ case 'unapprovecomment':

 	wp_set_comment_status($comment->comment_ID, "hold");

-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		header('Location: ' . wp_get_referer());
 	} else {
 		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
@ -175,8 +175,8 @@ case 'approvecomment':
 	}


-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		header('Location: ' . wp_get_referer());
 	} else {
 		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@ -42,7 +42,7 @@ addLoadEvent(focusit);
 </fieldset>

 <p class="submit"><input type="submit" name="editcomment" id="editcomment" value="<?php echo $submitbutton_text ?>" style="font-weight: bold;" tabindex="6" />
-  <input name="referredby" type="hidden" id="referredby" value="<?php echo $_SERVER['HTTP_REFERER']; ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php echo wp_get_referer(); ?>" />
 </p>

 </div>
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@ -14,7 +14,7 @@ if (0 == $post_ID) {
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }

-$sendto = $_SERVER['HTTP_REFERER'];
+$sendto = wp_get_referer();

 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
 	$sendto = 'redo';
--- a/wp-admin/link.php
+++ b/wp-admin/link.php
@ -76,7 +76,7 @@ switch ($action) {

 		add_link();

-		header('Location: '.$_SERVER['HTTP_REFERER'].'?added=true');
+		header('Location: '.wp_get_referer().'?added=true');
 		break;

 	case 'save' :
--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@ -98,12 +98,12 @@ case 'editpost':
 	$page_ID = edit_post();

 	if ($_POST['save']) {
-		$location = $_SERVER['HTTP_REFERER'];
+		$location = wp_get_referer();
 	} elseif ($_POST['updatemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
+		$location = wp_get_referer() . '&message=2#postcustom';
 	} elseif ($_POST['deletemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
-	} elseif (isset($_POST['referredby']) && $_POST['referredby'] != $_SERVER['HTTP_REFERER']) {
+		$location = wp_get_referer() . '&message=3#postcustom';
+	} elseif (!empty($_POST['referredby']) && $_POST['referredby'] != wp_get_referer()) {
 		$location = $_POST['referredby'];
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $page_ID );
@ -134,7 +134,7 @@ case 'delete':
 			die( __('Error in deleting...') );
 	}

-	$sendback = $_SERVER['HTTP_REFERER'];
+	$sendback = wp_get_referer();
 	if (strstr($sendback, 'page.php')) $sendback = get_settings('siteurl') .'/wp-admin/page.php';
 	elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
 	$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@ -104,12 +104,12 @@ case 'editpost':
 	$post_ID = edit_post();

 	if ($_POST['save']) {
-		$location = $_SERVER['HTTP_REFERER'];
+		$location = wp_get_referer();
 	} elseif ($_POST['updatemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
+		$location = wp_get_referer() . '&message=2#postcustom';
 	} elseif ($_POST['deletemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
-	} elseif (isset($_POST['referredby']) && $_POST['referredby'] != $_SERVER['HTTP_REFERER']) {
+		$location = wp_get_referer() . '&message=3#postcustom';
+	} elseif (!empty($_POST['referredby']) && $_POST['referredby'] != wp_get_referer()) {
 		$location = $_POST['referredby'];
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $post_ID );
@ -118,6 +118,7 @@ case 'editpost':
 	} else {
 		$location = 'post-new.php';
 	}
+
 	header ('Location: ' . $location); // Send user on their way while we keep working

 	exit();
@ -140,7 +141,7 @@ case 'delete':
 			die( __('Error in deleting...') );
 	}

-	$sendback = $_SERVER['HTTP_REFERER'];
+	$sendback = wp_get_referer();
 	if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post-new.php';
 	elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
 	$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@ -67,7 +67,7 @@ text-align: center; border-top: 1px solid #ccc; padding-top: 1em; font-style: it
 switch($step) {

 	case 0:
-	$goback = wp_specialchars($_SERVER['HTTP_REFERER'], 1);
+	$goback = wp_specialchars(wp_get_referer());
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
 	<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>