Merge pull request #15939 from woocommerce/fix/15911

Use wp_get_raw_referer in my account redirect, and validate all falling back to my account
2017-07-04 12:04:41 -03:00 · 2017-07-04 12:04:41 -03:00 · 888498deb0
parent 93a98ea91c 6f6f410ce1
commit 888498deb0
1 changed files with 3 additions and 3 deletions
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@ -920,13 +920,13 @@ class WC_Form_Handler {
 					if ( ! empty( $_POST['redirect'] ) ) {
 						$redirect = $_POST['redirect'];
-					} elseif ( wp_get_referer() ) {
+					} elseif ( wc_get_raw_referer() ) {
-						$redirect = wp_get_referer();
+						$redirect = wc_get_raw_referer();
 					} else {
 						$redirect = wc_get_page_permalink( 'myaccount' );
 					}
-					wp_redirect( apply_filters( 'woocommerce_login_redirect', $redirect, $user ) );
+					wp_redirect( wp_validate_redirect( apply_filters( 'woocommerce_login_redirect', $redirect, $user ), wc_get_page_permalink( 'myaccount' ) ) );
 					exit;
 				}
 			} catch ( Exception $e ) {