Description: Improve redirection handling
 This patch was based on upstream fix for CVE-2017-9066
 (76d77e927bb4d0f87c7262a50e28d84e01fd2b11). Since wordpress version 3.6.1
 does not use the hooks schema that is used by the latest upstream version
 (4.8), I need to adapt it a bit. Before each redirection, the location is
 validated by wp_http_validate_url; if any error is found, WordPress will
 return the wp_http.redirect_failed_validation error.
 Modified by Craig as WordPress 4.1 has their redirections in one place,
 but still do not have the hooks as in 4.7
 CVE-2017-9066
Author: Lucas Kanashiro <kanashiro@debian.org>
Reviewed-by: Craig Small <csmall@debian.org>
Last-Update: 2018-01-06
--- a/wp-includes/class-http.php
+++ b/wp-includes/class-http.php
@@ -290,6 +290,19 @@
 		return $response;
 	}
 
+    /**
+	 * Validate redirected URLs.
+	 *
+	 * @param string $location URL to redirect to.
+    * @return A WP_Error instance upon error or null otherwise
+	 */
+	public static function validate_redirects( $location ) {
+		if ( ! wp_http_validate_url( $location ) ) {
+			return new WP_Error( 'wp_http.redirect_failed_validation', __( 'A valid URL was not provided.' ) );
+		}
+       return null;
+	}
+
 	/**
 	 * Tests which transports are capable of supporting the request.
 	 *
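Review bot: The docblock on `validate_redirects()` gives `@return` a description but no type, so the contract is not visible to callers or static analysis. I would write `@return WP_Error|null WP_Error if the URL fails wp_http_validate_url(), null otherwise.` The docblock opener, the `@return` line and `return null;` are indented with spaces, while the rest of the hunk uses tabs. Because the method is declared `public static`, call sites have to qualify it with the class, which matters for the call added in the second hunk.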
@@ -806,6 +819,14 @@
 		if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 )
 			return false;
 
+        // Validate redirected URLs.
+        if ( function_exists( 'wp_kses_bad_protocol' ) && $r['reject_unsafe_urls'] ) {
+            $error = validate_redirects( $processedHeaders['headers']['location'] );
+            if ( ! $error === null ) {
+                return $error;
+            }
+        }
+
 		// Don't redirect if we've run out of redirects.
 		if ( $args['redirection']-- <= 0 )
 			return new WP_Error( 'http_request_failed', __('Too many redirects.') );
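Review bot: The added validation block cannot reject a redirect as written, so the CVE-2017-9066 check is not actually enforced. `! $error === null` parses as `( ! $error ) === null`, which compares a boolean with null and is always false, so the WP_Error is never returned; use `if ( null !== $error ) {` or `is_wp_error( $error )`. `validate_redirects()` is added in the first hunk as a static method, so the unqualified call would fail as an undefined function and should be `self::validate_redirects( ... )`, assuming this code sits in the same class. The context lines use `$args` and `$response`, so `$r['reject_unsafe_urls']` and `$processedHeaders['headers']['location']` look undefined in this scope, which would skip the check entirely. Confirm the variable names against the enclosing function, which starts and ends outside the hunk.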
