From 894526c78d17809e57f8aa2e2bd8410894682124 Mon Sep 17 00:00:00 2001 From: Aaron Campbell Date: Sun, 6 Dec 2015 21:17:24 +0000 Subject: [PATCH] Consider both home and site domains to be valid in `wp_validate_redirect()`. Props layotte. Fixes #34028. Built from https://develop.svn.wordpress.org/trunk@35792 git-svn-id: http://core.svn.wordpress.org/trunk@35756 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/pluggable.php | 6 +++--- wp-includes/version.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 88d1440599..922c3aed3e 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -1348,6 +1348,7 @@ function wp_validate_redirect($location, $default = '') { return $default; $wpp = parse_url(home_url()); + $site = parse_url( site_url() ); /** * Filter the whitelist of hosts to redirect to. @@ -1357,9 +1358,9 @@ function wp_validate_redirect($location, $default = '') { * @param array $hosts An array of allowed hosts. * @param bool|string $host The parsed host; empty if not isset. */ - $allowed_hosts = (array) apply_filters( 'allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '' ); + $allowed_hosts = (array) apply_filters( 'allowed_redirect_hosts', array( $wpp['host'], $site['host'] ), isset( $lp['host'] ) ? $lp['host'] : '' ); - if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) ) + if ( isset($lp['host']) && ( ! in_array( $lp['host'], $allowed_hosts ) && ( $lp['host'] != strtolower( $wpp['host'] ) || $lp['host'] != strtolower( $site['host'] ) ) ) ) $location = $default; return $location; @@ -2480,4 +2481,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) { return $r; } endif; - diff --git a/wp-includes/version.php b/wp-includes/version.php index 2b183335d7..62441483b4 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.5-alpha-35791'; +$wp_version = '4.5-alpha-35792'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.