Always wp_unslash() the return of wp_get_referer().

see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23570 602fd350-edb4-49c9-b593-d223f7449a82

wp-admin/edit-form-advanced.php

@@ -314,7 +314,7 @@ if ( isset( $post_new_file ) && current_user_can( $post_type_object->cap->create
 <input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" />
-<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
+<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_get_referer()); ?>" />
 <?php if ( ! empty( $active_post_lock ) ) { ?>
 <input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" />
 <?php

wp-admin/upgrade.php

@@ -77,7 +77,7 @@ else
 <?php else :
 switch ( $step ) :
 	case 0:
-		$goback = wp_unslash( wp_get_referer() );
+		$goback = wp_get_referer();
 		$goback = esc_url_raw( $goback );
 		$goback = urlencode( $goback );
 ?>

wp-admin/user-edit.php

@@ -54,7 +54,7 @@ get_current_screen()->set_help_sidebar(
     '<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
 );
 
-$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
+$wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer );
 
 $user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
 

wp-includes/functions.php

@@ -1283,7 +1283,7 @@ function wp_get_referer() {
 		$ref = $_SERVER['HTTP_REFERER'];
 
 	if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
-		return $ref;
+		return wp_unslash( $ref );
 	return false;
 }