From 2486cc70f74add5ca18f3b7629e70b4bbcaf6736 Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Thu, 11 Mar 2010 14:54:11 +0000
Subject: [PATCH] Restrict schemes allowed in wp_validate_redirect()

git-svn-id: http://svn.automattic.com/wordpress/trunk@13657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 019ba88cf1..175eb496a5 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -984,6 +984,15 @@ function wp_validate_redirect($location, $default = '') {
 	$test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location;
 
 	$lp  = parse_url($test);
+
+	// Give up if malformed URL
+	if ( false === $lp )
+		return $default;
+
+	// Allow only http and https schemes. No data:, etc.
+	if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
+		return $default;
+
 	$wpp = parse_url(home_url());
 
 	$allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');