diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index ca4226aec8..fbd5bb0954 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -399,6 +399,24 @@ function wp_redirect($location, $status = 302) { } endif; +if ( !function_exists('wp_safe_redirect') ) : +/** + * performs a safe (local) redirect, using wp_redirect() + * @return void + **/ +function wp_safe_redirect($location, $status = 302) { + if ( $location{0} == '/' ) { + if ( $location{1} == '/' ) + $location = get_option('home') . '/'; + } else { + if ( substr($location, 0, strlen(get_option('home'))) != get_option('home') ) + $location = get_option('home') . '/'; + } + + wp_redirect($location, $status); +} +endif; + if ( !function_exists('wp_get_cookie_login') ): function wp_get_cookie_login() { if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ) diff --git a/wp-login.php b/wp-login.php index 2c62214746..866b90237a 100644 --- a/wp-login.php +++ b/wp-login.php @@ -78,7 +78,7 @@ case 'logout' : if ( isset( $_REQUEST['redirect_to'] ) ) $redirect_to = $_REQUEST['redirect_to']; - wp_redirect($redirect_to); + wp_safe_redirect($redirect_to); exit(); break; @@ -324,7 +324,7 @@ default: if ( !$using_cookie ) wp_setcookie($user_login, $user_pass, false, '', '', $rememberme); do_action('wp_login', $user_login); - wp_redirect($redirect_to); + wp_safe_redirect($redirect_to); exit(); } else { if ( $using_cookie ) diff --git a/wp-pass.php b/wp-pass.php index e1cb4e055e..709a63b07f 100644 --- a/wp-pass.php +++ b/wp-pass.php @@ -7,5 +7,5 @@ if ( get_magic_quotes_gpc() ) // 10 days setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH); -wp_redirect(wp_get_referer()); +wp_safe_redirect(wp_get_referer()); ?> \ No newline at end of file