From d86a90ba9efd2a923b9dc7e7a717aa8478fd43e4 Mon Sep 17 00:00:00 2001
From: Moon <moon.kyong@automattic.com>
Date: Thu, 6 Jun 2024 18:50:43 +1200
Subject: [PATCH] Only accept return_url when do_update_woocommerce is present
 (#48163)

* Accept return_url only when do_update_woocommerce exist

* Add changefile(s) from automation for the following project(s): woocommerce

* Update 48163-fix-db-update-redirect-issue

* Add changefile(s) from automation for the following project(s): woocommerce

* Update plugins/woocommerce/changelog/48163-fix-db-update-redirect-issue

Co-authored-by: Chi-Hsuan Huang <chihsuan.tw@gmail.com>

* Add changefile(s) from automation for the following project(s): woocommerce

---------

Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Chi-Hsuan Huang <chihsuan.tw@gmail.com>
---
 .../changelog/48163-fix-db-update-redirect-issue         | 4 ++++
 plugins/woocommerce/includes/class-wc-install.php        | 9 +++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 plugins/woocommerce/changelog/48163-fix-db-update-redirect-issue

diff --git a/plugins/woocommerce/changelog/48163-fix-db-update-redirect-issue b/plugins/woocommerce/changelog/48163-fix-db-update-redirect-issue
new file mode 100644
index 00000000000..20b4a6beba8
--- /dev/null
+++ b/plugins/woocommerce/changelog/48163-fix-db-update-redirect-issue
@@ -0,0 +1,4 @@
+Significance: minor
+Type: fix
+
+Fix db update notice redirection bug where it redirects without checking for db update action.  </details>  <details>  <summary>Changelog Entry Comment</summary>
\ No newline at end of file
diff --git a/plugins/woocommerce/includes/class-wc-install.php b/plugins/woocommerce/includes/class-wc-install.php
index 2dde45c543f..0f703584eec 100644
--- a/plugins/woocommerce/includes/class-wc-install.php
+++ b/plugins/woocommerce/includes/class-wc-install.php
@@ -423,10 +423,11 @@ class WC_Install {
 			check_admin_referer( 'wc_db_update', 'wc_db_update_nonce' );
 			self::update();
 			WC_Admin_Notices::add_notice( 'update', true );
-		}
-		if ( ! empty( $_GET['return_url'] ) ) { // WPCS: input var ok.
-			$return_url = esc_url_raw( wp_unslash( $_GET['return_url'] ) );
-			wp_safe_redirect( $return_url ); // WPCS: input var ok.
+
+			if ( ! empty( $_GET['return_url'] ) ) { // WPCS: input var ok.
+				$return_url = esc_url_raw( wp_unslash( $_GET['return_url'] ) );
+				wp_safe_redirect( $return_url ); // WPCS: input var ok.
+			}
 		}
 	}