From 6d5d03d9a1984648c6b36d88eb78d719b076e81f Mon Sep 17 00:00:00 2001
From: "Dominik Schilling (ocean90)" <ocean90@git.wordpress.org>
Date: Tue, 3 Apr 2018 15:28:30 +0000
Subject: [PATCH] Login: Use `wp_safe_redirect()` when redirecting the login
 page if forced to use HTTPS.

Merge of [42892] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42897 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-login.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/wp-login.php b/src/wp-login.php
index 4e189d86b0..aede58d445 100644
--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -14,10 +14,10 @@ require( dirname(__FILE__) . '/wp-load.php' );
 // Redirect to https login if forced to use SSL
 if ( force_ssl_admin() && ! is_ssl() ) {
 	if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
-		wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
+		wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
 		exit();
 	} else {
-		wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+		wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
 		exit();
 	}
 }