Making WordPress.org


Timestamp:
10/13/2020 05:53:57 AM (4 years ago)
Author:
dd32
Message:

WordPress Login: SSO: When performing redirects, sanitize the requested URL prior to processing it.

This prevents notices being caused by malformed inputs.

File:
1 edited

  • sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

    r9961 r10374  
    185185            }
    186186
     187            // When available, sanitize the redirect prior to redirecting.
     188            // This isn't strictly needed, but prevents harmless invalid inputs being passed through to the Location header.
     189            if ( function_exists( 'wp_sanitize_redirect' ) ) {
     190                $to = wp_sanitize_redirect( $to );
     191            }
     192
    187193            if ( ! $this->_is_valid_targeted_domain( $to ) ) {
    188194                $to = $this->_get_safer_redirect_to();
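Review bot: The `function_exists( 'wp_sanitize_redirect' )` guard at new lines 189-191 means sanitization is skipped without any signal when the function is not loaded, so `_is_valid_targeted_domain( $to )` at new line 193 still has to be safe on raw, unsanitized input. The comment at line 188 calls the step "not strictly needed" and the inputs "harmless", which only holds if that validator is the real boundary for what reaches the Location header; it would help to say so explicitly in the comment and to note under which load conditions `wp_sanitize_redirect` is unavailable. Placing the sanitize call before the domain check is the right order, since the value that gets validated is then the same value that is redirected to.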