From cc44e72e615c769be3163030a9de0fa32be58bff Mon Sep 17 00:00:00 2001
From: Gary Ritchie
Date: Fri, 22 Sep 2017 20:52:38 -0700
Subject: [PATCH] sanitize _POST
---
 includes/class-wc-form-handler.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index c8d6c0cd776..d61c8d3cca4 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -1087,7 +1087,7 @@ class WC_Form_Handler {
 }
 if ( ! empty( $_POST['redirect'] ) ) {
- $redirect = $_POST['redirect'];
+ $redirect = wp_sanitize_redirect( $_POST['redirect'] );
 } elseif ( wc_get_raw_referer() ) {
 $redirect = wc_get_raw_referer();
 } else {
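Review bot: `wp_sanitize_redirect()` on the added line only strips characters that are not valid in a URL. It does not restrict the destination host, so a `redirect` value naming an external site passes through unchanged. Whether that amounts to an open redirect depends on the code that consumes `$redirect`, which is outside the hunk; that code should send it through `wp_safe_redirect()` or `wp_validate_redirect()` with a local fallback rather than plain `wp_redirect()`. WordPress also adds slashes to `$_POST`, so I would unslash before sanitizing: `$redirect = wp_sanitize_redirect( wp_unslash( $_POST['redirect'] ) );`. The enclosing method starts and ends outside the hunk.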