[wp-cvs] wordpress wp-comments-post.php, 1.16, 1.17 wp-login.php, 1.37, 1.38

Matthew Mullenweg saxmatt at users.sourceforge.net
Tue Oct 5 16:22:33 UTC 2004


Update of /cvsroot/cafelog/wordpress
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv9545

Modified Files:
	wp-comments-post.php wp-login.php 
Log Message:
Better redirect cleaning.

Index: wp-comments-post.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-comments-post.php,v
retrieving revision 1.16
retrieving revision 1.17
diff -C2 -d -r1.16 -r1.17
*** wp-comments-post.php	5 Oct 2004 08:35:22 -0000	1.16
--- wp-comments-post.php	5 Oct 2004 16:22:31 -0000	1.17
***************
*** 90,96 ****
  }
  
! setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
! setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
! setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
  
  header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
--- 90,96 ----
  }
  
! setcookie('comment_author_' . COOKIEHASH, stripslashes($author), time() + 30000000, COOKIEPATH);
! setcookie('comment_author_email_' . COOKIEHASH, stripslashes($email), time() + 30000000, COOKIEPATH);
! setcookie('comment_author_url_' . COOKIEHASH, stripslashes($url), time() + 30000000, COOKIEPATH);
  
  header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
***************
*** 98,103 ****
  header('Cache-Control: no-cache, must-revalidate');
  header('Pragma: no-cache');
! $location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to'];
! $location = preg_replace('|[^a-z?=&/~.:_-]|i', '', $location);
  
  if ($is_IIS) {
--- 98,103 ----
  header('Cache-Control: no-cache, must-revalidate');
  header('Pragma: no-cache');
! 
! $location = get_permalink($comment_ID);
  
  if ($is_IIS) {
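Review bot: `get_permalink()` is passed `$comment_ID` on the new `$location` line, but that function resolves a permalink from a post ID, so unless `$comment_ID` holds the post's ID at this point the commenter is redirected to an unrelated post or to an empty URL. The assignment of `$comment_ID` is outside the hunk, so this needs confirming against the rest of the file; if the post ID is kept in a separate variable, pass that one instead. Deriving the destination server-side rather than from `$_POST['redirect_to']` or `HTTP_REFERER` is the right direction, and a comment such as `// Redirect target is computed server-side; request data must not influence it.` would record why the old lines were removed.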

Index: wp-login.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-login.php,v
retrieving revision 1.37
retrieving revision 1.38
diff -C2 -d -r1.37 -r1.38
*** wp-login.php	5 Oct 2004 08:35:22 -0000	1.37
--- wp-login.php	5 Oct 2004 16:22:31 -0000	1.38
***************
*** 140,144 ****
  		$log = $_POST['log'];
  		$pwd = $_POST['pwd'];
! 		$redirect_to = preg_replace('|[^a-z?=&/~.:_-]|i', '', $_POST['redirect_to']);
  	}
  	
--- 140,144 ----
  		$log = $_POST['log'];
  		$pwd = $_POST['pwd'];
! 		$redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_POST['redirect_to']);
  	}
  	
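Review bot: The widened allowlist on the new `$redirect_to` line still admits `:` and `/`, so an absolute or protocol-relative URL pointing at another host (constructed example: `http://other-host.example/`) passes through the filter unchanged. Stripping characters blocks CR/LF header splitting but does not confine the destination to this site. If `$redirect_to` later feeds a `Location` header (that use is outside the hunk), add a destination check after the filter, for example `if (preg_match('|^([a-z][a-z0-9+.-]*:)?//|i', $redirect_to)) $redirect_to = '';`, substituting the file's existing default destination for the empty string. Separately, the `-` in `0-9-~` is literal only because it directly follows a range; writing the class as `[^a-z0-9~+_.?#=&;,/:-]` makes that intent explicit. The enclosing `if` block starts and ends outside the hunk.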



