From 076fb0ff4d9facdc8255a58a4932378a562559a2 Mon Sep 17 00:00:00 2001
From: Dominik Schilling <dominikschilling+git@gmail.com>
Date: Tue, 3 Apr 2018 15:22:42 +0000
Subject: [PATCH] Login: Use `wp_safe_redirect()` when redirecting the login
 page if forced to use HTTPS.

Merge of [42892] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@42895


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/version.php | 2 +-
 wp-login.php            | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/wp-includes/version.php b/wp-includes/version.php
index b7cae2c072..1c55ffc9b7 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.9.5-RC1-42885';
+$wp_version = '4.9.5-RC1-42895';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-login.php b/wp-login.php
index b5d0e4a8d5..0fe74693f5 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -14,10 +14,10 @@ require( dirname(__FILE__) . '/wp-load.php' );
 // Redirect to https login if forced to use SSL
 if ( force_ssl_admin() && ! is_ssl() ) {
 	if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
-		wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
+		wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
 		exit();
 	} else {
-		wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+		wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
 		exit();
 	}
 }