diff options
Diffstat (limited to 'wp-includes/pluggable.php')
-rw-r--r-- | wp-includes/pluggable.php | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 3668635..3774f50 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -327,8 +327,18 @@ function wp_redirect($location, $status = 302) { $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location); $location = wp_kses_no_null($location); + // remove %0d and %0a from location $strip = array('%0d', '%0a'); - $location = str_replace($strip, '', $location); + $found = true; + while($found) { + $found = false; + foreach($strip as $val) { + while(strpos($location, $val) !== false) { + $found = true; + $location = str_replace($val, '', $location); + } + } + } if ( $is_IIS ) { header("Refresh: 0;url=$location"); @@ -436,14 +446,14 @@ function wp_notify_postauthor($comment_id, $comment_type='') { $notify_message .= sprintf( __('Delete it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&c=$comment_id" ) . "\r\n"; $notify_message .= sprintf( __('Spam it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&dt=spam&c=$comment_id" ) . "\r\n"; - $admin_email = get_option('admin_email'); + $wp_email = get_option('admin_email'); if ( '' == $comment->comment_author ) { - $from = "From: \"$blogname\" <$admin_email>"; + $from = "From: \"$blogname\" <$wp_email>"; if ( '' != $comment->comment_author_email ) $reply_to = "Reply-To: $comment->comment_author_email"; } else { - $from = "From: \"$comment->comment_author\" <$admin_email>"; + $from = "From: \"$comment->comment_author\" <$wp_email>"; if ( '' != $comment->comment_author_email ) $reply_to = "Reply-To: \"$comment->comment_author_email\" <$comment->comment_author_email>"; } |