#! /bin/sh /usr/share/dpatch/dpatch-run
## CVE2007-3639.dpatch by <andrea.de.iacovo@gmail.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Security patch for CVE2007-3639
@DPATCH@
diff -Nru wordpress-etch/wp-includes/pluggable-functions.php wordpress-etch-old/wp-includes/pluggable-functions.php
--- wordpress-etch/wp-includes/pluggable-functions.php 2008-04-22 12:59:13.000000000 +0200
+++ wordpress-etch/wp-includes/pluggable-functions.php 2008-04-22 12:39:31.000000000 +0200
@@ -259,31 +259,7 @@
function wp_redirect($location, $status = 302) {
global $is_IIS;
- $location = apply_filters('wp_redirect', $location, $status);
-
- if ( !$location ) // allows the wp_redirect filter to cancel a redirect
- return false;
-
- $location = wp_sanitize_redirect($location);
-
- if ( $is_IIS ) {
- header("Refresh: 0;url=$location");
- } else {
- if ( php_sapi_name() != 'cgi-fcgi' )
- status_header($status); // This causes problems on IIS and some FastCGI setups
- header("Location: $location");
- }
-}
-endif;
-
-if ( !function_exists('wp_sanitize_redirect') ) :
-/**
-* sanitizes a URL for use in a redirect
-* @return string redirect-sanitized URL
-**/
-function wp_sanitize_redirect($location) {
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
- $location = wp_kses_no_null($location);
// remove %0d and %0a from location
$strip = array('%0d', '%0a');
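Review bot: the direction of this hunk looks inverted for a patch whose DP line calls it the security fix for CVE2007-3639: the `-` side carries the hardened code (`$location = apply_filters('wp_redirect', $location, $status);`, the `wp_sanitize_redirect()` wrapper and `$location = wp_kses_no_null($location);`), while the `+` side leaves wp_redirect() with only the character-class preg_replace and the %0d/%0a strip, so applying it drops the null-byte stripping and the filter hook that lets a redirect be cancelled. The header lists `wordpress-etch` before `wordpress-etch-old` and the `---` timestamp (12:59:13) is later than the `+++` one (12:39:31), which is consistent with diff having been run new-to-old; regenerate with the old tree as the first argument.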
@@ -298,34 +274,13 @@
}
}
- return $location;
-}
-endif;
-
-if ( !function_exists('wp_safe_redirect') ) :
-/**
-* performs a safe (local) redirect, using wp_redirect()
-* @return void
-**/
-function wp_safe_redirect($location, $status = 302) {
-
- // Need to look at the URL the way it will end up in wp_redirect()
- $location = wp_sanitize_redirect($location);
-
- // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
- if ( substr($location, 0, 2) == '//' )
- $location = 'http:' . $location;
-
- $lp = parse_url($location);
- $wpp = parse_url(get_option('home'));
-
- $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']));
-
- if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
- $location = get_option('siteurl') . '/wp-admin/';
-
- wp_redirect($location, $status);
-
+ if ( $is_IIS ) {
+ header("Refresh: 0;url=$location");
+ } else {
+ if ( php_sapi_name() != 'cgi-fcgi' )
+ status_header($status); // This causes problems on IIS and some FastCGI setups
+ header("Location: $location");
+ }
}
endif;
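Review bot: this hunk deletes wp_safe_redirect() outright, including the `//`-prefix normalisation and the host check `if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )` that falls back to `get_option('siteurl') . '/wp-admin/'` when the target host is not in `allowed_redirect_hosts`; that comparison against the site's own host is the open-redirect guard the fix depends on, and nothing on the `+` side replaces it (the added lines are the header() calls already present in wp_redirect()). If the intent is to add the function rather than remove it, the sign of every line in this hunk is wrong; otherwise the DP description does not match what the patch does.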
@@ -567,4 +522,4 @@
}
endif;
-?>
+?>
\ No newline at end of file
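Review bot: this hunk changes only the trailing newline after `?>` (the `+` side ends with `\ No newline at end of file`); it is a whitespace-only change unrelated to the fix and should be dropped, since a missing final newline makes later patches against this file harder to apply cleanly.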
diff -Nru wordpress-etch/wp-login.php wordpress-etch-old/wp-login.php
--- wordpress-etch/wp-login.php 2008-04-22 12:54:38.000000000 +0200
+++ wordpress-etch/wp-login.php 2008-04-22 12:39:32.000000000 +0200
@@ -29,7 +29,7 @@
if ( isset($_REQUEST['redirect_to']) )
$redirect_to = $_REQUEST['redirect_to'];
- wp_safe_redirect($redirect_to);
+ wp_redirect($redirect_to);
exit();
break;
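Review bot: `$redirect_to` here is taken straight from `$_REQUEST['redirect_to']` two lines above, and the hunk swaps `wp_safe_redirect($redirect_to);` for `wp_redirect($redirect_to);`, the unrestricted variant; for a fix this should be the other way round, with the host-checked wp_safe_redirect() on the `+` side. A request-supplied URL should never reach wp_redirect() without a host check, which is exactly what wp_safe_redirect() provides.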
@@ -198,7 +198,7 @@
if ( !$using_cookie )
wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);
do_action('wp_login', $user_login);
- wp_safe_redirect($redirect_to);
+ wp_redirect($redirect_to);
exit;
} else {
if ( $using_cookie )
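Review bot: same sign problem on the successful-login path after `do_action('wp_login', $user_login);`: the request-controlled `$redirect_to` is handed to wp_redirect() instead of wp_safe_redirect(). This is the redirect a user follows immediately after authenticating, so it is the one that most needs to stay restricted to the site's own host.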
diff -Nru wordpress-etch/wp-pass.php wordpress-etch-old/wp-pass.php
--- wordpress-etch/wp-pass.php 2008-04-22 12:53:30.000000000 +0200
+++ wordpress-etch/wp-pass.php 2008-04-22 12:39:32.000000000 +0200
@@ -7,5 +7,5 @@
// 10 days
setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
-wp_safe_redirect(wp_get_referer());
-?>
+wp_redirect(wp_get_referer());
+?>
\ No newline at end of file
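Review bot: `wp_get_referer()` returns a client-supplied value, so replacing `wp_safe_redirect(wp_get_referer());` with `wp_redirect(wp_get_referer());` removes the host check on the post-password form's redirect as well; the `+` side should keep wp_safe_redirect(). The `?>` change in the same hunk is whitespace-only (it drops the trailing newline) and can be left out.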