sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Improve URL validation in `wp_validate_redirect()`. 

Props vortfu, whyisjake, peterwilsoncc.

git-svn-id: https://develop.svn.wordpress.org/trunk@45971 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2019-09-04 16:56:33 +00:00
parent a1fd37e413
commit 8552a9af15
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/wp-includes/pluggable.php
View File

@ -1407,6 +1407,14 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
return $default;
}
if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) {
$path = '';
if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
}
$location = '/' . ltrim( $path . '/', '/' ) . $location;
}
// Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
return $default;