Skip to:
Content

bbPress.org

Changeset 4552


Ignore:
Timestamp:
12/07/2012 08:01:06 AM (10 years ago)
Author:
johnjamesjacoby
Message:

In bbp_verify_nonce_request(), parse home_url() to remove any strange characters or query-strings that plugins might append to it. Fixes #2070.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/includes/common/functions.php

    r4548 r4552  
    14271427function bbp_verify_nonce_request( $action = '', $query_arg = '_wpnonce' ) {
    14281428
    1429     // Get the home URL
    1430     $home_url      = strtolower( home_url() );
     1429    // Parse home_url() into pieces to remove query-strings, strange characters,
     1430    // and other funny things that plugins might to do to it.
     1431    $parsed_home   = parse_url( home_url( '/', ( is_ssl() ? 'https://' : 'http://' ) ) );
     1432    $home_url      = trim( strtolower( $parsed_home['scheme'] . '://' . $parsed_home['host'] . $parsed_home['path'] ), '/' );
    14311433
    14321434    // Build the currently requested URL
Note: See TracChangeset for help on using the changeset viewer.