From 9876a3606fd95c23656a352d0b297dbf88e74f4a Mon Sep 17 00:00:00 2001
From: ryan
Date: Sat, 24 Jun 2006 05:38:37 +0000
Subject: [PATCH] wp_get_referer() and friends from robmiller and markjaquith. fixes #2800

git-svn-id: http://svn.automattic.com/wordpress/trunk@3908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/options.php | 4 ++--
 wp-includes/functions.php | 28 ++++++++++++++++++++++++++++
 wp-includes/pluggable.php | 2 +-
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/wp-admin/options.php b/wp-admin/options.php
index 8ab7636f3..7c51b693b 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -77,8 +77,8 @@ case 'update':
 //$message = sprintf(__('%d setting(s) saved... '), $any_changed);
 }
- $referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
- $goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
+ $referred = remove_query_arg('updated' , wp_get_referer());
+ $goback = add_query_arg('updated', 'true', wp_get_referer());
 $goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
 wp_redirect($goback);
 break;
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 24e07a6f2..4280807ff 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
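Review bot: The redirect target in the `update` case of wp-admin/options.php now comes from `wp_get_referer()`, which (per the functions.php hunk of this patch) prefers the request parameter `_wp_http_referer` over the `Referer` header, and the `preg_replace` on `$goback` only strips characters; it does not restrict the scheme or host. A request that reaches this branch with a chosen `_wp_http_referer` is therefore sent wherever that value points, so `$goback` should be compared against the site's own URL (for example the `get_settings('siteurl')` prefix used in pluggable.php) before `wp_redirect($goback)`, with a fixed admin page as the fallback. `wp_get_referer()` can also return `false`, which is passed straight into `remove_query_arg()` and `add_query_arg()`; fetching it once and guarding with `if ( false === $ref )` before building the URL would avoid that. The `case 'update':` body starts outside the hunk, so whether a nonce check runs earlier is not visible here.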
@@ -811,6 +811,34 @@ function wp_nonce_url($actionurl, $action = -1) {
 function wp_nonce_field($action = -1) {
 echo '';
+ wp_referer_field();
+}
+
+function wp_referer_field() {
+ $ref = ( false === wp_get_referer() ) ? $_SERVER['REQUEST_URI'] : wp_get_referer();
+ $ref = wp_specialchars(stripslashes($ref));
+ echo '';
+ if ( wp_get_original_referer() ) {
+ $original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+ echo '';
+ }
+}
+
+function wp_original_referer_field() {
+ echo '';
+}
+
+function wp_get_referer() {
+ foreach ( array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER']) as $ref )
+ if ( !empty($ref) )
+ return $ref;
+ return false;
+}
+
+function wp_get_original_referer() {
+ if ( !empty($_REQUEST['_wp_original_http_referer']) )
+ return $_REQUEST['_wp_original_http_referer'];
+ return false;
 }
 function wp_mkdir_p($target) {
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 97d9339a4..6c09db074 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -231,7 +231,7 @@ if ( !function_exists('check_admin_referer') ) :
 function check_admin_referer($action = -1) {
 global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
 $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
- $referer = strtolower($_SERVER['HTTP_REFERER']);
+ $referer = strtolower(wp_get_referer());
 if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) && !(-1 == $action && strstr($referer, $adminurl)) ) {
 if ( $referer )
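Review bot: `wp_get_referer()` in the functions.php hunk returns the request parameter `_wp_http_referer` ahead of `$_SERVER['HTTP_REFERER']`, so its result is whatever the submitter put in the form or query string, yet the pluggable.php hunk feeds it into the `strstr($referer, $adminurl)` fallback of `check_admin_referer()`. On the `-1 == $action` path that fallback is the only origin evidence left when the nonce fails, and a request-supplied field cannot provide it; I would keep that comparison on `strtolower($_SERVER['HTTP_REFERER'])` and use `wp_get_referer()` for navigation only. A comment above the function such as `// Request-supplied and unverified: use for returning to a form, never as proof of origin.` would make the contract explicit. The array literal also indexes `$_REQUEST['_wp_http_referer']` and `$_SERVER['HTTP_REFERER']` without `isset()`, which raises notices when either is absent. The `echo ''` bodies are empty as shown on this page, so the attribute quoting around `$ref` and `$original_ref` cannot be checked from here.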