Validate referrers to prevent off-domain redirects.

git-svn-id: https://develop.svn.wordpress.org/trunk@25318 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2013-09-10 18:06:43 +00:00
parent 31482a7968
commit ac3361e997
2 changed files with 3 additions and 2 deletions
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -1296,7 +1296,7 @@ function wp_get_referer() {
 		$ref = wp_unslash( $_SERVER['HTTP_REFERER'] );

 	if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
-		return wp_unslash( $ref );
+		return wp_validate_redirect( $ref, false );
 	return false;
 }

@@ -1311,7 +1311,7 @@ function wp_get_referer() {
 */
 function wp_get_original_referer() {
 	if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
-		return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
+		return wp_validate_redirect( wp_unslash( $_REQUEST['_wp_original_http_referer'] ), false );
 	return false;
 }