diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 7638d5f..e2edd38 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -176,7 +176,7 @@ if ($links)
'.__('Edit').' ';
- echo '
link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').' ';
+ echo '
link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );" class="delete">'.__('Delete').' ';
echo '
';
echo "\n \n";
}
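Review bot: On the new `+` line the js_escape() result is embedded in a JavaScript string that itself sits inside an HTML attribute (the delete confirm), and the only reason a `"` in link_name or link_url cannot close that attribute is that js_escape() also entity-encodes double quotes through wp_specialchars(); that coupling deserves a comment so a later switch to a pure JavaScript escaper does not reopen attribute injection. I would put above the echo: `// js_escape() also entity-encodes '"' — required here because the JS string lives inside an HTML attribute`. The anchor markup is stripped from this rendering, so the exact attribute quoting cannot be verified from the hunk, and the enclosing `if ($links)` loop begins before it.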
diff --git a/wp-admin/link.php b/wp-admin/link.php
index 6e3056d..ae61da3 100644
--- a/wp-admin/link.php
+++ b/wp-admin/link.php
@@ -76,7 +76,7 @@ switch ($action) {
add_link();
- header('Location: '.$_SERVER['HTTP_REFERER'].'?added=true');
+ header('Location: '.wp_get_referer().'?added=true');
break;
case 'save' :
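Review bot: The new `+` line sends the browser to wp_get_referer() unchecked, and that helper (wp-includes/functions.php in this same patch) returns `$_REQUEST['_wp_http_referer']` before falling back to the header, so a crafted link or form can make the bookmark-add action redirect off-site; it also yields `Location: ?added=true` when neither source is set and produces `...?a=b?added=true` when the referer already carries a query string. Restricting the target to this site with a fixed fallback, and building the query with add_query_arg() (already used by options.php in this patch), covers all three. `break` follows the header() but no `exit` is visible, so whatever follows the switch still runs; worth confirming that is intended.

```php
	add_link();
	$ref = wp_get_referer();
	// _wp_http_referer is request-supplied: only follow it back to this site
	if ( !$ref || 0 !== strpos($ref, get_settings('siteurl')) )
		$ref = get_settings('siteurl') . '/wp-admin/link-manager.php';
	header('Location: ' . add_query_arg('added', 'true', $ref));
	exit;
```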
diff --git a/wp-admin/options.php b/wp-admin/options.php
index f2752b9..020f0e1 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -118,8 +118,8 @@ take this action.
//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
}
- $referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
- $goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
+ $referred = remove_query_arg('updated' , wp_get_referer());
+ $goback = add_query_arg('updated', 'true', wp_get_referer());
$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
wp_redirect($goback);
break;
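Review bot: The character whitelist on the line after the `+` lines keeps CR/LF and `%` out of the Location header but passes an off-site absolute URL through untouched, and since wp_get_referer() now prefers the request-supplied `_wp_http_referer`, the post-save redirect can be pointed anywhere by a crafted options form. I would pin it before wp_redirect(): `if ( 0 !== strpos($goback, get_settings('siteurl')) ) $goback = get_settings('siteurl') . '/wp-admin/options.php';`. Calling wp_get_referer() twice also invites the two values to drift; read it once into a local and derive both `$referred` and `$goback` from it (`$referred` is not used within the hunk, so its consumer is presumably further down).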
diff --git a/wp-admin/page.php b/wp-admin/page.php
index cd4d5cc..32fb2ae 100644
--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@@ -106,12 +106,12 @@ case 'editpost':
$page_ID = edit_post();
if ($_POST['save']) {
- $location = $_SERVER['HTTP_REFERER'];
+ $location = wp_get_referer();
} elseif ($_POST['updatemeta']) {
- $location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
+ $location = wp_get_referer() . '&message=2#postcustom';
} elseif ($_POST['deletemeta']) {
- $location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
- } elseif (isset($_POST['referredby']) && $_POST['referredby'] != $_SERVER['HTTP_REFERER']) {
+ $location = wp_get_referer() . '&message=3#postcustom';
+ } elseif (!empty($_POST['referredby']) && $_POST['referredby'] != wp_get_referer()) {
$location = $_POST['referredby'];
if ( $_POST['referredby'] == 'redo' )
$location = get_permalink( $page_ID );
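Review bot: Both new sources for `$location` — wp_get_referer() on the `+` lines and `$_POST['referredby']` on the line after them — are request-supplied, and nothing in the hunk checks that they point back at this site, so the header('Location:') that consumes `$location` (outside this hunk; post.php's equivalent is visible later in the patch) becomes an open redirect for anyone who can get an editor to submit a crafted form. A guard immediately before that header() keeps the fix local while still allowing the relative admin paths the other branches assign: `if ( preg_match('#^(?:[a-z][a-z0-9+.-]*:|[/\\\\]{2})#i', $location) && 0 !== strpos($location, get_settings('siteurl')) ) $location = 'page.php';`. The loose `!=` on the `elseif` line would be safer as `!==`, since PHP compares numeric-looking strings numerically. The `case 'editpost'` body continues past this hunk.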
@@ -142,7 +142,7 @@ case 'delete':
die( __('Error in deleting...') );
}
- $sendback = $_SERVER['HTTP_REFERER'];
+ $sendback = wp_get_referer();
if (strstr($sendback, 'page.php')) $sendback = get_settings('siteurl') .'/wp-admin/page.php';
elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
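Review bot: The whitelist on the last line blocks header injection, but an off-site absolute URL consists entirely of permitted characters and survives it, and the two strstr() rewrites above only fire when the referer happens to mention page.php or attachments.php, so with `_wp_http_referer` now request-supplied the post-delete redirect can be sent anywhere. A fallback after the preg_replace() closes it: `if ( 0 !== strpos($sendback, get_settings('siteurl')) ) $sendback = get_settings('siteurl') . '/wp-admin/page.php';`. The `case 'delete'` body starts before this hunk, so whether a nonce check precedes this cannot be confirmed here.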
diff --git a/wp-admin/post.php b/wp-admin/post.php
index aad14e9..d603913 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -108,12 +108,12 @@ case 'editpost':
$post_ID = edit_post();
if ($_POST['save']) {
- $location = $_SERVER['HTTP_REFERER'];
+ $location = wp_get_referer();
} elseif ($_POST['updatemeta']) {
- $location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
+ $location = wp_get_referer() . '&message=2#postcustom';
} elseif ($_POST['deletemeta']) {
- $location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
- } elseif (isset($_POST['referredby']) && $_POST['referredby'] != $_SERVER['HTTP_REFERER']) {
+ $location = wp_get_referer() . '&message=3#postcustom';
+ } elseif (!empty($_POST['referredby']) && $_POST['referredby'] != wp_get_referer()) {
$location = $_POST['referredby'];
if ( $_POST['referredby'] == 'redo' )
$location = get_permalink( $post_ID );
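Review bot: `$location` is taken from wp_get_referer() on the `+` lines or from `$_POST['referredby']` on the next line and reaches the header('Location:') shown in the following hunk without any check that it stays on this site; because wp_get_referer() reads `$_REQUEST['_wp_http_referer']` first, a crafted form turns the editor into an open redirect. Guard it right before that header(): `if ( preg_match('#^(?:[a-z][a-z0-9+.-]*:|[/\\\\]{2})#i', $location) && 0 !== strpos($location, get_settings('siteurl')) ) $location = 'post-new.php';` — the relative `'post-new.php'` default the else branch assigns stays allowed. The switch from isset() to !empty() on the `elseif` also treats a referredby of `"0"` as absent, harmless here but worth a word in the commit message, and the comparison would be safer as `!==`.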
@@ -122,6 +122,7 @@ case 'editpost':
} else {
$location = 'post-new.php';
}
+
header ('Location: ' . $location); // Send user on their way while we keep working
exit();
@@ -144,7 +145,7 @@ case 'delete':
die( __('Error in deleting...') );
}
- $sendback = $_SERVER['HTTP_REFERER'];
+ $sendback = wp_get_referer();
if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post-new.php';
elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
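Review bot: The redirect target on the `+` line passes through the character whitelist on the last line and the two strstr() rewrites, none of which rejects an off-site URL such as `http://evil.example/`, so the delete action now follows a request-supplied `_wp_http_referer` anywhere. Add after the preg_replace(): `if ( 0 !== strpos($sendback, get_settings('siteurl')) ) $sendback = get_settings('siteurl') . '/wp-admin/post-new.php';`. Because strstr() matches a substring, a referer like `http://evil.example/post.php` is already rewritten to the local post-new.php, so the fallback only has to cover the remaining cases.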
diff --git a/wp-admin/update-links.php b/wp-admin/update-links.php
index 46a7f5a..eff00db 100644
--- a/wp-admin/update-links.php
+++ b/wp-admin/update-links.php
@@ -23,7 +23,7 @@ $http_request .= "\r\n";
$http_request .= $query_string;
$response = '';
-if( false !== ( $fs = fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
+if ( false !== ( $fs = @fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
fwrite($fs, $http_request);
while ( !feof($fs) )
$response .= fgets($fs, 1160); // One TCP-IP packet
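Review bot: The 5-second argument on the new `+` line bounds only the connect phase of fsockopen(); the `while ( !feof($fs) )` loop below has no read timeout, so a stalled api.pingomatic.com keeps the request hanging for as long as max_execution_time allows. Set a socket timeout right after the open and leave the loop when stream_get_meta_data() reports `timed_out`. The fwrite() return value is also unchecked, so a short write surfaces later as an odd reply from the service rather than as the local failure it is; the response handling is outside this hunk.

```php
if ( false !== ( $fs = @fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
	stream_set_timeout($fs, 5); // the fsockopen() timeout covers the connect only
	fwrite($fs, $http_request);
	while ( !feof($fs) ) {
		$response .= fgets($fs, 1160); // One TCP-IP packet
		$meta = stream_get_meta_data($fs);
		if ( $meta['timed_out'] )
			break;
	}
```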
diff --git a/wp-admin/upgrade.php b/wp-admin/upgrade.php
index 66f3fec..1a2ed1b 100644
--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@@ -67,7 +67,7 @@ text-align: center; border-top: 1px solid #ccc; padding-top: 1em; font-style: it
switch($step) {
case 0:
- $goback = wp_specialchars($_SERVER['HTTP_REFERER'], 1);
+ $goback = wp_specialchars(wp_get_referer());
?>
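Review bot: The `+` line drops the second argument the old call passed to wp_specialchars(), so `'` in the referer is no longer encoded; that is only safe if `$goback` is later emitted inside a double-quoted attribute or text, and its use is outside this hunk. More importantly `$goback` is now sourced from `_wp_http_referer` in the request (see wp_get_referer() in this patch) as well as from the header, so if it becomes an href a `javascript:` URL reaches the page; validate the raw value before escaping it: `$goback = wp_get_referer();`, `if ( !$goback || 0 !== strpos($goback, get_settings('siteurl')) ) $goback = get_settings('siteurl');`, `$goback = wp_specialchars($goback, 1);` (restoring the old flag, which presumably covers single quotes as well — confirm against wp_specialchars()).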
diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index a4ecc54..976a727 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -234,6 +234,7 @@ class WP {
nocache_headers();
if ( !empty($this->query_vars['error']) && '404' == $this->query_vars['error'] ) {
status_header( 404 );
+ @header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
} else if ( empty($this->query_vars['feed']) ) {
@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
} else {
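Review bot: The `+` line duplicates the Content-type header from the `else if` branch below it, and the reason the 404 branch needs its own copy — a 404 is rendered as HTML even when the request asked for a feed, because this branch is tested first — is not stated anywhere. I would either comment the new line, `// 404s are served as HTML even for feed requests, so send the HTML content type here too`, or compute `$is404` once and wrap a single header() call in `if ( $is404 || empty($this->query_vars['feed']) )`, with `status_header(404)` guarded separately just before it. The feed branch and the rest of the method are outside this hunk.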
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 61cd1b2..7d52ed9 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1044,6 +1044,8 @@ function htmlentities2($myHTML) {
// Escape single quotes, specialchar double quotes, and fix line endings.
function js_escape($text) {
$text = wp_specialchars($text, 'double');
- return preg_replace("/\r?\n/", "\\n", addslashes($text));
+ $text = str_replace(''', "'", $text);
+ return preg_replace("/\r?\n/", "\\n", addslashes($text));
}
+
?>
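Review bot: js_escape() still leaves a bare carriage return untouched — the preg_replace() on the last `+` line only rewrites `\r?\n`, and addslashes() does not touch CR — so a lone `\r` in the text terminates the JavaScript string literal the caller builds; use `return preg_replace("/\r\n?|\n/", "\\n", addslashes($text));`. The function also has no docblock, and its contract is easy to misuse: because wp_specialchars(..., 'double') turns `"` into `&quot;`, the output is correct only inside an HTML attribute (onclick, as link-manager.php uses it), not inside a `<script>` block, where the entity would appear literally and a `</script>` in the text would end the block; a short docblock stating exactly that is worth adding. The literal on the str_replace line is garbled in this rendering (it reads `'''`), presumably the `&#039;` entity being turned back into an apostrophe so addslashes() can escape it — confirm against the real file.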
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 1882962..63416a9 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -833,6 +833,33 @@ function wp_nonce_url($actionurl, $action = -1) {
function wp_nonce_field($action = -1) {
echo '
';
+ wp_referer_field();
+}
+
+function wp_referer_field() {
+ $ref = wp_specialchars($_SERVER['REQUEST_URI']);
+ echo '
';
+ if ( wp_get_original_referer() ) {
+ $original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+ echo '
';
+ }
+}
+
+function wp_original_referer_field() {
+ echo '
';
+}
+
+function wp_get_referer() {
+ foreach ( array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER']) as $ref )
+ if ( !empty($ref) )
+ return $ref;
+ return false;
+}
+
+function wp_get_original_referer() {
+ if ( !empty($_REQUEST['_wp_original_http_referer']) )
+ return $_REQUEST['_wp_original_http_referer'];
+ return false;
}
function wp_mkdir_p($target) {
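Review bot: wp_get_referer() returns `$_REQUEST['_wp_http_referer']` verbatim whenever it is non-empty, and every caller this patch converts (link.php, options.php, page.php, post.php, vars.php, check_admin_referer) feeds the value to header('Location:') / wp_redirect() or to a trust decision, so any GET or POST parameter named `_wp_http_referer` now chooses the redirect target — an open redirect, and on PHP builds that do not reject CR/LF in header() a header-injection vector as well. The helper should hand back only an on-site absolute URL or a plain path (the value wp_referer_field() plants is REQUEST_URI, which starts with `/`), refusing the scheme-relative `//host` and `/\host` forms, so that callers need nothing but a false-fallback. `$_REQUEST` also merges cookies under PHP's default variables_order, so reading `$_POST`/`$_GET` explicitly would be tighter, and the foreach on the `+` lines raises E_NOTICE whenever one of the two keys is absent. wp_get_original_referer() has the same shape and deserves the same treatment; note too that wp_referer_field() stripslashes() the original referer while wp_get_referer() does not, which is inconsistent under magic_quotes_gpc.

```php
function wp_get_referer() {
	$candidates = array();
	if ( isset($_REQUEST['_wp_http_referer']) )
		$candidates[] = $_REQUEST['_wp_http_referer'];
	if ( isset($_SERVER['HTTP_REFERER']) )
		$candidates[] = $_SERVER['HTTP_REFERER'];
	$site = rtrim(strtolower(get_settings('siteurl')), '/');
	foreach ( $candidates as $ref ) {
		if ( empty($ref) )
			continue;
		// Callers pass this straight to header('Location:'): accept only this site or a plain
		// path (what wp_referer_field() plants); refuse CR/LF and the //host and /\host forms.
		if ( preg_match('/[\r\n]/', $ref) )
			continue;
		$lower = strtolower($ref);
		if ( $lower === $site || 0 === strpos($lower, $site . '/') || preg_match('#^/(?![/\\\\])#', $ref) )
			return $ref;
	}
	return false;
}
```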
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 4d6f061..8724cd9 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -237,7 +237,7 @@ if ( !function_exists('check_admin_referer') ) :
function check_admin_referer($action = -1) {
global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
- $referer = strtolower($_SERVER['HTTP_REFERER']);
+ $referer = strtolower(wp_get_referer());
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
!(-1 == $action && strstr($referer, $adminurl)) ) {
if ( $referer )
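Review bot: Sourcing `$referer` from wp_get_referer() on the `+` line lets the request itself satisfy the fallback on the two lines below: when `$action` is the default `-1`, a forged form can omit the nonce and instead post `_wp_http_referer=<siteurl>/wp-admin`, and `strstr($referer, $adminurl)` accepts it, so every caller relying on the default action loses its CSRF protection. The fallback should keep using the browser-supplied header only, and compare by prefix rather than substring (strstr() also accepts `http://evil.example/?http://site/wp-admin`): `$header_ref = strtolower(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');` and `!(-1 == $action && 0 === strpos($header_ref, $adminurl))`. Using wp_get_referer() for the `if ( $referer )` redirect that follows is a separate matter, and the rest of the function is outside this hunk.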
diff --git a/wp-includes/vars.php b/wp-includes/vars.php
index bb1a18b..2573b27 100644
--- a/wp-includes/vars.php
+++ b/wp-includes/vars.php
@@ -1,7 +1,7 @@
\ No newline at end of file
+wp_redirect(wp_get_referer());
+?>
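Review bot: `wp_redirect(wp_get_referer())` on the first `+` line follows a request-supplied `_wp_http_referer` without any origin check and, when both referer sources are empty, passes `false` to wp_redirect(), which presumably emits an empty Location header. Guard it: `$ref = wp_get_referer(); if ( !$ref || 0 !== strpos($ref, get_settings('siteurl')) ) $ref = get_settings('siteurl');` then `wp_redirect($ref);` followed by `exit;` unless wp_redirect() itself exits (not visible here). The hunk header announces seven old and seven new lines but only two `+` lines and no `-` lines survive in this rendering, and the `\ No newline at end of file` marker sits before the hunk body, so the listing is truncated and should be checked against the real commit.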
--