From 331262b5442ebf2c850212ebb8a826b7025247eb Mon Sep 17 00:00:00 2001
From: Jeremy Felt <jeremyfelt@git.wordpress.org>
Date: Mon, 12 Jan 2015 01:56:04 +0000
Subject: [PATCH] Update `home` and `siteurl` after path slashes are validated
 in `update_blog_details()`

When editing a site, if `home` and `siteurl` are checked to be updated along with a site's domain and path, they should receive the results of any modifications in `update_blog_details()` rather than trusting the POST data.

Previously, it was possible to save a value without a leading slash on the path, causing an invalid URL to be stored.

Props earnjam.

Fixes #30417.


git-svn-id: https://develop.svn.wordpress.org/trunk@31156 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/network/site-info.php | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/wp-admin/network/site-info.php b/src/wp-admin/network/site-info.php
index 0e18020c88..bd7502aa1e 100644
--- a/src/wp-admin/network/site-info.php
+++ b/src/wp-admin/network/site-info.php
@@ -50,15 +50,6 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] ) {
 
 	switch_to_blog( $id );
 
-	if ( isset( $_POST['update_home_url'] ) && $_POST['update_home_url'] == 'update' ) {
-		$blog_address = esc_url_raw( $_POST['blog']['domain'] . $_POST['blog']['path'] );
-		if ( get_option( 'siteurl' ) != $blog_address )
-			update_option( 'siteurl', $blog_address );
-
-		if ( get_option( 'home' ) != $blog_address )
-			update_option( 'home', $blog_address );
-	}
-
 	// Rewrite rules can't be flushed during switch to blog.
 	delete_option( 'rewrite_rules' );
 
@@ -74,6 +65,17 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] ) {
 	}
 	update_blog_details( $id, $blog_data );
 
+	if ( isset( $_POST['update_home_url'] ) && $_POST['update_home_url'] == 'update' ) {
+		$new_details = get_blog_details( $id, false );
+		$blog_address = esc_url_raw( $new_details->domain . $new_details->path );
+		if ( get_option( 'siteurl' ) != $blog_address ) {
+			update_option( 'siteurl', $blog_address );
+		}
+		if ( get_option( 'home' ) != $blog_address ) {
+			update_option( 'home', $blog_address );
+		}
+	}
+
 	restore_current_blog();
 	wp_redirect( add_query_arg( array( 'update' => 'updated', 'id' => $id ), 'site-info.php') );
 	exit;