[wp-trac] [WordPress Trac] #19856: wp_get_referer() doesn't return false when the referer URL is the same as the current URL

WordPress Trac wp-trac at lists.automattic.com
Thu Jan 19 08:08:53 UTC 2012


#19856: wp_get_referer() doesn't return false when the referer URL is the same as
the current URL
--------------------------+-----------------------------
 Reporter:  garyc40       |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  3.3.1
 Severity:  normal        |   Keywords:  has-patch
--------------------------+-----------------------------
 Inside wp_get_referer(), there's this conditional statement:

 `if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )`

 It is there to ensure that wp_get_referer() doesn't return the same page
 I'm on. This is useful when redirecting because I can detect and avoid
 infinite redirection.

 According to PHP documentation, `$_SERVER['REQUEST_URI']` is only the URI
 on the host. As a result, the conditional statement above fails in this
 case:

 Let's say I was redirected from http://example.com/sample-uri to itself
 (either by clicking a link or a form submission). Then:

 {{{
 $ref = 'http://example.com/sample-uri';
 $_SERVER['REQUEST_URI'] = '/sample-uri';
 }}}

 So technically, the referrer is the same page, but wp_get_referer()
 doesn't return false as expected, because
 `$ref !== $_SERVER['REQUEST_URI']`.

 A better conditional statement would be:

 `if ( $ref && parse_url( $ref, PHP_URL_PATH ) !== $_SERVER['REQUEST_URI'] )`

 Patch attached.

 I'm using PHP 5.3.6, Apache 2.2.20.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19856>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
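
The comparison described in the ticket, as an added example that is not part of the original message or of WordPress core: it runs the quoted conditional and the proposed one over constructed referer/REQUEST_URI pairs. It goes beyond the ticket's single case by adding a hypothetical `referer_normalized()` variant that also compares the query string and host; all function names and sample values are assumptions.

```php
<?php
// Added illustration: function names are hypothetical, not WordPress core code.

// The conditional quoted in the ticket: raw referer vs. REQUEST_URI.
function referer_original( $ref, $request_uri ) {
    return ( $ref && $ref !== $request_uri ) ? $ref : false;
}

// The conditional proposed in the ticket: referer path vs. REQUEST_URI.
function referer_path_only( $ref, $request_uri ) {
    return ( $ref && parse_url( $ref, PHP_URL_PATH ) !== $request_uri ) ? $ref : false;
}

// Assumed variant: compare host, path and query string.
function referer_normalized( $ref, $request_uri, $host ) {
    $parts = $ref ? parse_url( $ref ) : false;
    if ( ! $parts ) {
        return false; // empty or unparseable referer
    }
    if ( isset( $parts['host'] ) && strcasecmp( $parts['host'], $host ) !== 0 ) {
        return $ref; // different host, so not the current page
    }
    $uri = isset( $parts['path'] ) ? $parts['path'] : '/';
    if ( isset( $parts['query'] ) ) {
        $uri .= '?' . $parts['query']; // REQUEST_URI carries the query string
    }
    return ( $uri !== $request_uri ) ? $ref : false;
}

// Constructed sample requests: array( referer, REQUEST_URI ); current host is example.com.
$cases = array(
    array( 'http://example.com/sample-uri', '/sample-uri' ),
    array( 'http://example.com/sample-uri?page=2', '/sample-uri?page=2' ),
    array( 'http://other.example/sample-uri', '/sample-uri' ),
    array( '/sample-uri', '/sample-uri' ),
);

foreach ( $cases as $case ) {
    list( $ref, $uri ) = $case;
    printf(
        "%-40s original=%-5s path_only=%-5s normalized=%s\n",
        $ref,
        referer_original( $ref, $uri ) ? 'ref' : 'false',
        referer_path_only( $ref, $uri ) ? 'ref' : 'false',
        referer_normalized( $ref, $uri, 'example.com' ) ? 'ref' : 'false'
    );
}
```

Each output row shows whether a check would hand the referer back (`ref`) or treat it as the current page (`false`), which is the decision a redirect-loop guard depends on.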