diff --git a/wp-admin/options.php b/wp-admin/options.php
index 8ab7636f3..7c51b693b 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -77,8 +77,8 @@ case 'update':
//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
}
- $referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
- $goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
+ $referred = remove_query_arg('updated' , wp_get_referer());
+ $goback = add_query_arg('updated', 'true', wp_get_referer());
$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
wp_redirect($goback);
break;
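Review bot: The redirect target passed to `wp_redirect($goback)` is now derived from `wp_get_referer()`, which (per the functions.php hunk in this commit) prefers the `_wp_http_referer` request parameter over the Referer header, so `$goback` comes from a hidden form field the submitter controls, and the character filter on the preceding line still admits absolute URLs (`:` and `/` are allowed); the post-save redirect therefore becomes an open redirect, even if the nonce limits who can trigger it. Before redirecting, constrain the target to the site's own host, e.g. fall back to the admin URL when the host of `$goback` does not match that of `get_settings('siteurl')` (or use a same-host redirect helper if this revision has one). `wp_get_referer()` also returns `false` when neither source is set; whether `remove_query_arg`/`add_query_arg` accept a non-string second argument is outside the hunk, so that path should be checked, and calling it once into a local would avoid the repeated lookup. `$referred` is assigned here but not used within the hunk.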
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 24e07a6f2..4280807ff 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -811,6 +811,34 @@ function wp_nonce_url($actionurl, $action = -1) {
function wp_nonce_field($action = -1) {
echo '';
+ wp_referer_field();
+}
+
+function wp_referer_field() {
+ $ref = ( false === wp_get_referer() ) ? $_SERVER['REQUEST_URI'] : wp_get_referer();
+ $ref = wp_specialchars(stripslashes($ref));
+ echo '';
+ if ( wp_get_original_referer() ) {
+ $original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+ echo '';
+ }
+}
+
+function wp_original_referer_field() {
+ echo '';
+}
+
+function wp_get_referer() {
+ foreach ( array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER']) as $ref )
+ if ( !empty($ref) )
+ return $ref;
+ return false;
+}
+
+function wp_get_original_referer() {
+ if ( !empty($_REQUEST['_wp_original_http_referer']) )
+ return $_REQUEST['_wp_original_http_referer'];
+ return false;
}
function wp_mkdir_p($target) {
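Review bot: `wp_get_referer()` builds `array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER'])` before any `!empty` test runs, so whichever key is absent — and at least one usually is — raises an undefined-index notice on every call; test each source with `!empty()` on the key itself instead. The precedence also deserves a docblock: the request parameter wins over the Referer header, so the result is entirely request-controlled and must not be relied on for an authorization decision (check_admin_referer in pluggable.php uses it that way in this same commit). The `echo ''` statements in `wp_nonce_field`, `wp_referer_field` and `wp_original_referer_field` appear to have lost their markup in this rendering, so the escaping of the emitted attributes cannot be reviewed here; the `wp_specialchars(stripslashes(...))` calls are applied before output, which is the right order. None of the four new functions has a docblock; a one-line purpose plus `@return string|false` on the two getters would make the `false` case visible to callers.
```php
function wp_get_referer() {
	if ( !empty($_REQUEST['_wp_http_referer']) )
		return $_REQUEST['_wp_http_referer'];
	if ( !empty($_SERVER['HTTP_REFERER']) )
		return $_SERVER['HTTP_REFERER'];
	return false;
}
```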
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 97d9339a4..6c09db074 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -231,7 +231,7 @@ if ( !function_exists('check_admin_referer') ) :
function check_admin_referer($action = -1) {
global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
- $referer = strtolower($_SERVER['HTTP_REFERER']);
+ $referer = strtolower(wp_get_referer());
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
!(-1 == $action && strstr($referer, $adminurl)) ) {
if ( $referer )
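Review bot: The switch to `wp_get_referer()` weakens the action-less fallback two lines below it: when `$action` is `-1` the nonce check is skipped if `$referer` contains `$adminurl`, and `$referer` now comes from a helper that (per the functions.php hunk) reads the `_wp_http_referer` request parameter before the Referer header, so the value compared against the admin URL is supplied by the request body itself rather than by the browser. For that fallback only the header should be consulted, e.g. `$referer = strtolower( empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'] );`, or better, drop the referer fallback and require a valid nonce for every caller. Note also that `strtolower(false)` yields an empty string when neither source is set, which the `if ( $referer )` on the last line then treats as "no referer"; a comment saying so would help the next reader. The body of check_admin_referer continues past the hunk.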