Always exit after wp_redirect. props filosofo, fixes #15518.

git-svn-id: http://svn.automattic.com/wordpress/trunk@16847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
mmbmurphy · Dec 9, 2010 · a717edc · a717edc
1 parent 0036c52
commit a717edc
Show file tree

Hide file tree

Showing 29 changed files with 64 additions and 36 deletions.
diff --git a/wp-admin/admin.php b/wp-admin/admin.php
@@ -178,13 +178,17 @@
 	if ( ! current_user_can('import') )
 		wp_die(__('You are not allowed to import.'));
 
-	if ( validate_file($importer) )
+	if ( validate_file($importer) ) {
 		wp_redirect( admin_url( 'import.php?invalid=' . $importer ) );
+		exit;
+	}
 
 	// Allow plugins to define importers as well
 	if ( !isset($wp_importers) || !isset($wp_importers[$importer]) || ! is_callable($wp_importers[$importer][2])) {
-		if (! file_exists(ABSPATH . "wp-admin/import/$importer.php"))
+		if (! file_exists(ABSPATH . "wp-admin/import/$importer.php")) {
 			wp_redirect( admin_url( 'import.php?invalid=' . $importer ) );
+			exit;
+		}
 		include(ABSPATH . "wp-admin/import/$importer.php");
 	}
 

diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php
@@ -507,12 +507,10 @@ function redirect_user_to_blog() {
 
 	if ( is_object( $blog ) ) {
 		wp_redirect( get_admin_url( $blog->blog_id, '?c=' . $c ) ); // redirect and count to 5, "just in case"
-		exit;
 	} else {
 		wp_redirect( user_admin_url( '?c=' . $c ) ); // redirect and count to 5, "just in case"
 	}
-
-	wp_die( __( 'You do not have sufficient permissions to access this page.' ) );
+	exit;
 }
 add_action( 'admin_page_access_denied', 'redirect_user_to_blog', 99 );
 

diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
@@ -29,6 +29,7 @@
 		}
 
 		wp_redirect( add_query_arg('deleted', count( $bulklinks ), admin_url( 'link-manager.php' ) ) );
+		exit;
 	}
 } elseif ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
 	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );

diff --git a/wp-admin/media-upload.php b/wp-admin/media-upload.php
@@ -55,6 +55,7 @@
 			$location .= '?message=3';
 
 		wp_redirect( admin_url($location) );
+		exit;
 	}
 
 	$title = __('Upload New Media');

diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php
@@ -9,4 +9,5 @@
  */
 require_once('../wp-load.php');
 wp_redirect( admin_url('edit-comments.php?comment_status=moderated') );
+exit;
 ?>
diff --git a/wp-admin/ms-admin.php b/wp-admin/ms-admin.php
@@ -9,4 +9,6 @@
 
 require_once( './admin.php' );
 
-wp_redirect( network_admin_url() );
+wp_redirect( network_admin_url() );
+exit;
+?>
diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php
@@ -9,4 +9,6 @@
 
 require_once( './admin.php' );
 
-wp_redirect( network_admin_url() );
+wp_redirect( network_admin_url() );
+exit;
+?>
diff --git a/wp-admin/ms-sites.php b/wp-admin/ms-sites.php
@@ -9,4 +9,7 @@
 
 require_once( './admin.php' );
 
-wp_redirect( network_admin_url('sites.php') );
+wp_redirect( network_admin_url('sites.php') );
+exit;
+
+?>
diff --git a/wp-admin/ms-themes.php b/wp-admin/ms-themes.php
@@ -9,4 +9,6 @@
 
 require_once( './admin.php' );
 
-wp_redirect( network_admin_url('themes.php') );
+wp_redirect( network_admin_url('themes.php') );
+exit;
+?>
diff --git a/wp-admin/ms-upgrade-network.php b/wp-admin/ms-upgrade-network.php
@@ -9,4 +9,7 @@
 
 require_once('admin.php');
 
-wp_redirect( network_admin_url('upgrade.php') );
+wp_redirect( network_admin_url('upgrade.php') );
+exit;
+
+?>
diff --git a/wp-admin/ms-users.php b/wp-admin/ms-users.php
@@ -9,4 +9,6 @@
 
 require_once( './admin.php' );
 
-wp_redirect( network_admin_url('users.php') );
+wp_redirect( network_admin_url('users.php') );
+exit;
+?>
diff --git a/wp-admin/network/admin.php b/wp-admin/network/admin.php
@@ -15,7 +15,8 @@
 if ( ! is_multisite() )
 	wp_die( __( 'Multisite support is not enabled.' ) );
 
-if ( ! is_main_site() )
+if ( ! is_main_site() ) {
 	wp_redirect( network_admin_url() );
-
+	exit;
+}
 ?>
diff --git a/wp-admin/network/edit.php b/wp-admin/network/edit.php
@@ -13,8 +13,10 @@
 if ( ! is_multisite() )
 	wp_die( __( 'Multisite support is not enabled.' ) );
 
-if ( empty( $_GET['action'] ) )
+if ( empty( $_GET['action'] ) ) {
 	wp_redirect( admin_url( 'index.php' ) );
+	exit;
+}
 
 function confirm_delete_users( $users ) {
 	$current_user = wp_get_current_user();

diff --git a/wp-admin/network/site-info.php b/wp-admin/network/site-info.php
@@ -58,6 +58,7 @@
 
 	restore_current_blog();
 	wp_redirect( add_query_arg( array( 'update' => 'updated', 'id' => $id ), 'site-info.php') );
+	exit;
 }
 
 if ( isset($_GET['update']) ) {

diff --git a/wp-admin/network/site-options.php b/wp-admin/network/site-options.php
@@ -48,6 +48,7 @@
 	do_action( 'wpmu_update_blog_options' );
 	restore_current_blog();
 	wp_redirect( add_query_arg( array( 'update' => 'updated', 'id' => $id ), 'site-options.php') );
+	exit;
 }
 
 if ( isset($_GET['update']) ) {
@@ -131,4 +132,4 @@
 
 </div>
 <?php
-require('../admin-footer.php');
+require('../admin-footer.php');
diff --git a/wp-admin/network/site-users.php b/wp-admin/network/site-users.php
@@ -279,4 +279,4 @@
 </form>
 </div>
 <?php
-require('../admin-footer.php');
+require('../admin-footer.php');
diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php
@@ -70,7 +70,6 @@
 			update_option('recently_activated', array($file => time()) + (array)get_option('recently_activated'));
 
 			wp_redirect(add_query_arg('_wpnonce', wp_create_nonce('edit-plugin-test_' . $file), "plugin-editor.php?file=$file&liveupdate=1&scrollto=$scrollto&networkwide=" . $network_wide));
-			exit;
 		}
 		wp_redirect( self_admin_url("plugin-editor.php?file=$file&a=te&scrollto=$scrollto") );
 	} else {

diff --git a/wp-admin/post.php b/wp-admin/post.php
@@ -85,6 +85,7 @@ function redirect_post($post_id = '') {
 	}
 
 	wp_redirect( apply_filters( 'redirect_post_location', $location, $post_id ) );
+	exit;
 }
 
 if ( isset( $_POST['deletepost'] ) )
@@ -265,7 +266,7 @@ function redirect_post($post_id = '') {
 	break;
 
 default:
-		wp_redirect( admin_url('edit.php') );
+	wp_redirect( admin_url('edit.php') );
 	exit();
 	break;
 } // end switch

diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php
@@ -366,6 +366,7 @@ function do_dismiss_core_update() {
 		return;
 	dismiss_core_update( $update );
 	wp_redirect( wp_nonce_url('update-core.php?action=upgrade-core', 'upgrade-core') );
+	exit;
 }
 
 function do_undismiss_core_update() {
@@ -376,6 +377,7 @@ function do_undismiss_core_update() {
 		return;
 	undismiss_core_update( $version, $locale );
 	wp_redirect( wp_nonce_url('update-core.php?action=upgrade-core', 'upgrade-core') );
+	exit;
 }
 
 function no_update_actions($actions) {

diff --git a/wp-admin/user/admin.php b/wp-admin/user/admin.php
@@ -11,7 +11,8 @@
 
 require_once( dirname(dirname(__FILE__)) . '/admin.php');
 
-if ( ! is_main_site() )
+if ( ! is_main_site() ) {
 	wp_redirect( user_admin_url() );
-
+	exit;
+}
 ?>
diff --git a/wp-atom.php b/wp-atom.php
@@ -8,5 +8,5 @@
 
 require( './wp-load.php' );
 wp_redirect( get_bloginfo( 'atom_url' ), 301 );
-
-?>
+exit;
+?>
diff --git a/wp-comments-post.php b/wp-comments-post.php
@@ -101,5 +101,5 @@
 $location = apply_filters('comment_post_redirect', $location, $comment);
 
 wp_redirect($location);
-
+exit;
 ?>
diff --git a/wp-commentsrss2.php b/wp-commentsrss2.php
@@ -8,5 +8,5 @@
 
 require( './wp-load.php' );
 wp_redirect( get_bloginfo( 'comments_rss2_url' ), 301 );
-
-?>
+exit;
+?>
diff --git a/wp-feed.php b/wp-feed.php
@@ -8,5 +8,5 @@
 
 require( './wp-load.php' );
 wp_redirect( get_bloginfo( get_default_feed() . '_url' ), 301 );
-
-?>
+exit;
+?>
diff --git a/wp-pass.php b/wp-pass.php
@@ -16,4 +16,5 @@
 setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
 
 wp_safe_redirect(wp_get_referer());
-?>
+exit;
+?>
diff --git a/wp-rdf.php b/wp-rdf.php
@@ -8,5 +8,5 @@
 
 require( './wp-load.php' );
 wp_redirect( get_bloginfo( 'rdf_url' ), 301 );
-
-?>
+exit;
+?>
diff --git a/wp-register.php b/wp-register.php
@@ -11,5 +11,5 @@
 
 require('./wp-load.php');
 wp_redirect( site_url('wp-login.php?action=register') );
-
-?>
+exit;
+?>
diff --git a/wp-rss.php b/wp-rss.php
@@ -8,5 +8,5 @@
 
 require( './wp-load.php' );
 wp_redirect( get_bloginfo( 'rss_url' ), 301 );
-
-?>
+exit;
+?>
diff --git a/wp-rss2.php b/wp-rss2.php
@@ -8,5 +8,5 @@
 
 require( './wp-load.php' );
 wp_redirect( get_bloginfo( 'rss2_url' ), 301 );
-
-?>
+exit;
+?>
-Original file line number
+Diff line change
@@ Expand Up / @@ -29,6 +29,7 @@ @@
     		}
     		wp_redirect( add_query_arg('deleted', count( $bulklinks ), admin_url( 'link-manager.php' ) ) );
+    		exit;
     	}
     } elseif ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
     	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
@@ Expand Down @@