From 7a6287145932591065bff4ade74b606d37b881ba Mon Sep 17 00:00:00 2001 From: "Dominik Schilling (ocean90)" Date: Tue, 3 Apr 2018 14:31:16 +0000 Subject: [PATCH] Login: Use `wp_safe_redirect()` when redirecting the login page if forced to use HTTPS. git-svn-id: https://develop.svn.wordpress.org/trunk@42892 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-login.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/wp-login.php b/src/wp-login.php index 93d08181ee..e7467cb5b8 100644 --- a/src/wp-login.php +++ b/src/wp-login.php @@ -14,10 +14,10 @@ require( dirname( __FILE__ ) . '/wp-load.php' ); // Redirect to https login if forced to use SSL if ( force_ssl_admin() && ! is_ssl() ) { if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) { - wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); + wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); exit(); } else { - wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); + wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit(); } }