mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-29 04:28:07 +01:00
27e29666a8
`wp-login.php` uses `wp_safe_redirect()` for all redirects, even those that do not involve unsafe data from the request or referer. When a user of a subdomain site attempts to login to a network site they do not have access to, the host in the redirect URL is treated as unsafe by `wp_safe_redirect()` as it has no immediate awareness as to which hosts are valid on the network. On a subdirectoy network, everything works as expected because the host is the same. In this specific block of `wp-login.php`, all URLs are generated by WordPress and we can use `wp_redirect()` to handle the redirects. Users authenticating via other network sites will now be redirected properly. Hosts passed via the `redirect_to` query var will continue to be handled by `wp_safe_redirect()`. Fixes #30598. Built from https://develop.svn.wordpress.org/trunk@36867 git-svn-id: http://core.svn.wordpress.org/trunk@36834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
36 lines
629 B
PHP
36 lines
629 B
PHP
<?php
|
|
/**
|
|
* The WordPress version string
|
|
*
|
|
* @global string $wp_version
|
|
*/
|
|
$wp_version = '4.5-beta2-36867';
|
|
|
|
/**
|
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
|
*
|
|
* @global int $wp_db_version
|
|
*/
|
|
$wp_db_version = 36686;
|
|
|
|
/**
|
|
* Holds the TinyMCE version
|
|
*
|
|
* @global string $tinymce_version
|
|
*/
|
|
$tinymce_version = '4307-20160302';
|
|
|
|
/**
|
|
* Holds the required PHP version
|
|
*
|
|
* @global string $required_php_version
|
|
*/
|
|
$required_php_version = '5.2.4';
|
|
|
|
/**
|
|
* Holds the required MySQL version
|
|
*
|
|
* @global string $required_mysql_version
|
|
*/
|
|
$required_mysql_version = '5.0';
|