From 8552a9af152e867d2eefc48efcc66396d7dfe2dc Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Wed, 4 Sep 2019 16:56:33 +0000
Subject: [PATCH] Improve URL validation in `wp_validate_redirect()`.

Props vortfu, whyisjake, peterwilsoncc.

git-svn-id: https://develop.svn.wordpress.org/trunk@45971 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/pluggable.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index 82b55f199a..9336e03c7e 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1407,6 +1407,14 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
 			return $default;
 		}
 
+		if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) {
+			$path = '';
+			if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
+				$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
+			}
+			$location = '/' . ltrim( $path . '/', '/' ) . $location;
+		}
+
 		// Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
 		if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
 			return $default;