Diffstat (limited to 'wp-login.php')
-rw-r--r--wp-login.php5
1 files changed, 2 insertions, 3 deletions
diff --git a/wp-login.php b/wp-login.php
index 86c5912..87c765f 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -30,7 +30,7 @@ case 'logout':
$redirect_to = 'wp-login.php';
if ( isset($_REQUEST['redirect_to']) )
- $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_REQUEST['redirect_to']);
+ $redirect_to = $_REQUEST['redirect_to'];
wp_redirect($redirect_to);
exit();
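Review bot: In the logout case, `$redirect_to = $_REQUEST['redirect_to'];` now passes a request-controlled string to `wp_redirect()` with no filtering at the call site, and the same holds for the login path in the `default:` hunk, where the `preg_replace` line was dropped. Neither hunk shows `wp_redirect()`, so whether it strips CR/LF and other characters unsafe in a `Location` header cannot be confirmed from here; that should be verified before this lands. The removed character filter also never restricted the destination host, so both paths still accept an off-site target. If the sanitising now lives in `wp_redirect()`, say so at both assignments, for example `// unfiltered request input: wp_redirect() must sanitize this before emitting the header`, and consider rejecting values that are not local paths. The `case 'logout':` block starts above the hunk.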
@@ -173,7 +173,6 @@ default:
$redirect_to = 'wp-admin/';
else
$redirect_to = $_REQUEST['redirect_to'];
- $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $redirect_to);
if( $_POST ) {
$user_login = $_POST['log'];
@@ -242,7 +241,7 @@ if ( $error ) {
<?php _e('Remember me'); ?></label></p>
<p class="submit">
<input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="4" />
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />
</p>
</form>
<ul>
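Review bot: The hidden `redirect_to` field puts the value inside a double-quoted attribute, but `wp_specialchars($redirect_to)` is called without a quotes argument. In the WordPress versions I know, that default encodes `&`, `<` and `>` but leaves `"` and `'` alone, so a double quote in the request value would still end the attribute; the helper is not shown on this page, so confirm against this tree. If that default applies, the line should request quote encoding, `<?php echo wp_specialchars($redirect_to, 1); ?>`. This matters more now that the other two hunks remove the character filter that previously stripped quotes from `$redirect_to`.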