Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Always exit after wp_redirect. props filosofo, fixes #15518.

git-svn-id: http://svn.automattic.com/wordpress/trunk@16847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information...
commit a717edca97121f3b5f8e4428e5cde75ec3ce8a2a 1 parent 0036c52
nacin authored
View
8 wp-admin/admin.php
@@ -178,13 +178,17 @@
if ( ! current_user_can('import') )
wp_die(__('You are not allowed to import.'));
- if ( validate_file($importer) )
+ if ( validate_file($importer) ) {
wp_redirect( admin_url( 'import.php?invalid=' . $importer ) );
+ exit;
+ }
// Allow plugins to define importers as well
if ( !isset($wp_importers) || !isset($wp_importers[$importer]) || ! is_callable($wp_importers[$importer][2])) {
- if (! file_exists(ABSPATH . "wp-admin/import/$importer.php"))
+ if (! file_exists(ABSPATH . "wp-admin/import/$importer.php")) {
wp_redirect( admin_url( 'import.php?invalid=' . $importer ) );
+ exit;
+ }
include(ABSPATH . "wp-admin/import/$importer.php");
}
View
4 wp-admin/includes/ms.php
@@ -507,12 +507,10 @@ function redirect_user_to_blog() {
if ( is_object( $blog ) ) {
wp_redirect( get_admin_url( $blog->blog_id, '?c=' . $c ) ); // redirect and count to 5, "just in case"
- exit;
} else {
wp_redirect( user_admin_url( '?c=' . $c ) ); // redirect and count to 5, "just in case"
}
-
- wp_die( __( 'You do not have sufficient permissions to access this page.' ) );
+ exit;
}
add_action( 'admin_page_access_denied', 'redirect_user_to_blog', 99 );
View
1  wp-admin/link-manager.php
@@ -29,6 +29,7 @@
}
wp_redirect( add_query_arg('deleted', count( $bulklinks ), admin_url( 'link-manager.php' ) ) );
+ exit;
}
} elseif ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
View
1  wp-admin/media-upload.php
@@ -55,6 +55,7 @@
$location .= '?message=3';
wp_redirect( admin_url($location) );
+ exit;
}
$title = __('Upload New Media');
View
1  wp-admin/moderation.php
@@ -9,4 +9,5 @@
*/
require_once('../wp-load.php');
wp_redirect( admin_url('edit-comments.php?comment_status=moderated') );
+exit;
?>
View
4 wp-admin/ms-admin.php
@@ -9,4 +9,6 @@
require_once( './admin.php' );
-wp_redirect( network_admin_url() );
+wp_redirect( network_admin_url() );
+exit;
+?>
View
4 wp-admin/ms-edit.php
@@ -9,4 +9,6 @@
require_once( './admin.php' );
-wp_redirect( network_admin_url() );
+wp_redirect( network_admin_url() );
+exit;
+?>
View
5 wp-admin/ms-sites.php
@@ -9,4 +9,7 @@
require_once( './admin.php' );
-wp_redirect( network_admin_url('sites.php') );
+wp_redirect( network_admin_url('sites.php') );
+exit;
+
+?>
View
4 wp-admin/ms-themes.php
@@ -9,4 +9,6 @@
require_once( './admin.php' );
-wp_redirect( network_admin_url('themes.php') );
+wp_redirect( network_admin_url('themes.php') );
+exit;
+?>
View
5 wp-admin/ms-upgrade-network.php
@@ -9,4 +9,7 @@
require_once('admin.php');
-wp_redirect( network_admin_url('upgrade.php') );
+wp_redirect( network_admin_url('upgrade.php') );
+exit;
+
+?>
View
4 wp-admin/ms-users.php
@@ -9,4 +9,6 @@
require_once( './admin.php' );
-wp_redirect( network_admin_url('users.php') );
+wp_redirect( network_admin_url('users.php') );
+exit;
+?>
View
5 wp-admin/network/admin.php
@@ -15,7 +15,8 @@
if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
-if ( ! is_main_site() )
+if ( ! is_main_site() ) {
wp_redirect( network_admin_url() );
-
+ exit;
+}
?>
View
4 wp-admin/network/edit.php
@@ -13,8 +13,10 @@
if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
-if ( empty( $_GET['action'] ) )
+if ( empty( $_GET['action'] ) ) {
wp_redirect( admin_url( 'index.php' ) );
+ exit;
+}
function confirm_delete_users( $users ) {
$current_user = wp_get_current_user();
View
1  wp-admin/network/site-info.php
@@ -58,6 +58,7 @@
restore_current_blog();
wp_redirect( add_query_arg( array( 'update' => 'updated', 'id' => $id ), 'site-info.php') );
+ exit;
}
if ( isset($_GET['update']) ) {
View
3  wp-admin/network/site-options.php
@@ -48,6 +48,7 @@
do_action( 'wpmu_update_blog_options' );
restore_current_blog();
wp_redirect( add_query_arg( array( 'update' => 'updated', 'id' => $id ), 'site-options.php') );
+ exit;
}
if ( isset($_GET['update']) ) {
@@ -131,4 +132,4 @@
</div>
<?php
-require('../admin-footer.php');
+require('../admin-footer.php');
View
2  wp-admin/network/site-users.php
@@ -279,4 +279,4 @@
</form>
</div>
<?php
-require('../admin-footer.php');
+require('../admin-footer.php');
View
1  wp-admin/plugin-editor.php
@@ -70,7 +70,6 @@
update_option('recently_activated', array($file => time()) + (array)get_option('recently_activated'));
wp_redirect(add_query_arg('_wpnonce', wp_create_nonce('edit-plugin-test_' . $file), "plugin-editor.php?file=$file&liveupdate=1&scrollto=$scrollto&networkwide=" . $network_wide));
- exit;
}
wp_redirect( self_admin_url("plugin-editor.php?file=$file&a=te&scrollto=$scrollto") );
} else {
View
3  wp-admin/post.php
@@ -85,6 +85,7 @@ function redirect_post($post_id = '') {
}
wp_redirect( apply_filters( 'redirect_post_location', $location, $post_id ) );
+ exit;
}
if ( isset( $_POST['deletepost'] ) )
@@ -265,7 +266,7 @@ function redirect_post($post_id = '') {
break;
default:
- wp_redirect( admin_url('edit.php') );
+ wp_redirect( admin_url('edit.php') );
exit();
break;
} // end switch
View
2  wp-admin/update-core.php
@@ -366,6 +366,7 @@ function do_dismiss_core_update() {
return;
dismiss_core_update( $update );
wp_redirect( wp_nonce_url('update-core.php?action=upgrade-core', 'upgrade-core') );
+ exit;
}
function do_undismiss_core_update() {
@@ -376,6 +377,7 @@ function do_undismiss_core_update() {
return;
undismiss_core_update( $version, $locale );
wp_redirect( wp_nonce_url('update-core.php?action=upgrade-core', 'upgrade-core') );
+ exit;
}
function no_update_actions($actions) {
View
5 wp-admin/user/admin.php
@@ -11,7 +11,8 @@
require_once( dirname(dirname(__FILE__)) . '/admin.php');
-if ( ! is_main_site() )
+if ( ! is_main_site() ) {
wp_redirect( user_admin_url() );
-
+ exit;
+}
?>
View
4 wp-atom.php
@@ -8,5 +8,5 @@
require( './wp-load.php' );
wp_redirect( get_bloginfo( 'atom_url' ), 301 );
-
-?>
+exit;
+?>
View
2  wp-comments-post.php
@@ -101,5 +101,5 @@
$location = apply_filters('comment_post_redirect', $location, $comment);
wp_redirect($location);
-
+exit;
?>
View
4 wp-commentsrss2.php
@@ -8,5 +8,5 @@
require( './wp-load.php' );
wp_redirect( get_bloginfo( 'comments_rss2_url' ), 301 );
-
-?>
+exit;
+?>
View
4 wp-feed.php
@@ -8,5 +8,5 @@
require( './wp-load.php' );
wp_redirect( get_bloginfo( get_default_feed() . '_url' ), 301 );
-
-?>
+exit;
+?>
View
3  wp-pass.php
@@ -16,4 +16,5 @@
setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
wp_safe_redirect(wp_get_referer());
-?>
+exit;
+?>
View
4 wp-rdf.php
@@ -8,5 +8,5 @@
require( './wp-load.php' );
wp_redirect( get_bloginfo( 'rdf_url' ), 301 );
-
-?>
+exit;
+?>
View
4 wp-register.php
@@ -11,5 +11,5 @@
require('./wp-load.php');
wp_redirect( site_url('wp-login.php?action=register') );
-
-?>
+exit;
+?>
View
4 wp-rss.php
@@ -8,5 +8,5 @@
require( './wp-load.php' );
wp_redirect( get_bloginfo( 'rss_url' ), 301 );
-
-?>
+exit;
+?>
View
4 wp-rss2.php
@@ -8,5 +8,5 @@
require( './wp-load.php' );
wp_redirect( get_bloginfo( 'rss2_url' ), 301 );
-
-?>
+exit;
+?>
Please sign in to comment.
Something went wrong with that request. Please try again.