From aad26ece43b3d7e5aeb4b7e09df17c429a213886 Mon Sep 17 00:00:00 2001
From: Jb Audras
Date: Mon, 10 Oct 2022 18:57:44 +0000
Subject: [PATCH] General: Remove instances of `_wp_http_referer` from GET forms in the admin.
This changeset removes all instances of `_wp_http_referer` variable from the URL when creating a hidden input for `_wp_http_referer`. It prevents the hidden field from having an additional version of `_wp_http_referer` each time the form is submitted.
Props msolution, justinahinon, pbearne, mikeschroder, mukesh27, audrasjb, Clorith, chaion07, robinwpdeveloper, hztyfoon, davidbaumwald, costdev, adamsilverstein.
Fixes #54106.
git-svn-id: https://develop.svn.wordpress.org/trunk@54449 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/functions.php | 3 +-
 .../tests/functions/wpRefererField.php | 46 +++++++++++++++++++
 2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 36146132d7..77aaf718b1 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -1899,7 +1899,8 @@ function wp_nonce_field( $action = -1, $name = '_wpnonce', $referer = true, $ech
 * @return string Referer field HTML markup.
 */
 function wp_referer_field( $echo = true ) {
- $referer_field = '';
+ $request_url = remove_query_arg( '_wp_http_referer' );
+ $referer_field = '';
 if ( $echo ) {
 echo $referer_field;
diff --git a/tests/phpunit/tests/functions/wpRefererField.php b/tests/phpunit/tests/functions/wpRefererField.php
index d0642f4088..6442e7a0b9 100644
--- a/tests/phpunit/tests/functions/wpRefererField.php
+++ b/tests/phpunit/tests/functions/wpRefererField.php
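Review bot: In `wp_referer_field()` (src/wp-includes/functions.php), `$request_url` comes from `remove_query_arg( '_wp_http_referer' )`, which with no URL argument operates on the current request URI and does not escape its result. The `$referer_field` literal is shown empty on this page, so this hunk does not show the value being escaped before it is written into the hidden input. Confirm the assignment wraps it at output, e.g. `esc_url( $request_url )`, since this markup is printed on admin forms. A one-line why-comment above the new line would also help: `// Drop any existing _wp_http_referer so the field does not nest a copy of itself on every GET submission.` The function body continues past the end of the hunk.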
@@ -29,4 +29,50 @@ class Tests_Functions_wpRefererField extends WP_UnitTestCase {
 $this->assertSame( '', wp_referer_field( false ) );
 }
+
+ /**
+ * Tests that the echo argument is respected.
+ *
+ * @ticket 54106
+ *
+ * @dataProvider data_wp_referer_field_should_respect_echo_arg
+ *
+ * @param mixed $echo Whether to echo or return the referer field.
+ */
+ public function test_wp_referer_field_should_respect_echo_arg( $echo ) {
+ $actual = $echo ? get_echo( 'wp_referer_field' ) : wp_referer_field( false );
+
+ $this->assertSame( '', $actual );
+ }
+
+ /**
+ * Data provider for test_wp_referer_field_should_respect_echo_arg().
+ *
+ * @return array
+ */
+ public function data_wp_referer_field_should_respect_echo_arg() {
+ return array(
+ 'true' => array( true ),
+ '(int) 1' => array( 1 ),
+ '(string) "1"' => array( '1' ),
+ 'false' => array( false ),
+ 'null' => array( null ),
+ '(int) 0' => array( 0 ),
+ '(string) "0"' => array( '0' ),
+ );
+ }
+
+ /**
+ * @ticket 54106
+ */
+ public function test_wp_referer_field_with_referer() {
+ $old_request_uri = $_SERVER['REQUEST_URI'];
+ $_SERVER['REQUEST_URI'] = 'edit.php?_wp_http_referer=edit.php';
+
+ $actual = wp_referer_field( false );
+
+ $_SERVER['REQUEST_URI'] = $old_request_uri;
+
+ $this->assertSame( '', $actual );
+ }
 }
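Review bot: `test_wp_referer_field_with_referer()` only exercises a request URI whose sole query argument is `_wp_http_referer`, so nothing pins that other arguments survive the stripping or that the value is escaped for the attribute. Add a case whose `$_SERVER['REQUEST_URI']` carries a second argument and a character that needs escaping (a double quote or `&`), and assert the exact escaped markup. The manual restore of `$_SERVER['REQUEST_URI']` is skipped if the call throws; `try { $actual = wp_referer_field( false ); } finally { $_SERVER['REQUEST_URI'] = $old_request_uri; }` keeps later tests isolated. The expected strings in the `assertSame()` calls appear empty on this page, so the assertions themselves could not be checked here.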