Description: Provide a fallback for incorrect HTTP referrers
 Remove an open redirect on the user edit screen
 The tag/term screen does not have this issue
 CVE-2017-14725
Author: ocean90@wordpress.org
Origin: upstream, https://core.trac.wordpress.org/changeset/41424/branches/4.1
Bug-Debian: https://bugs.debian.org/876274
Applied-Upstream: 4.8.2
Reviewed-by: Craig Small <csmall@debian.org>
Last-Update: 2017-10-10

--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -204,7 +204,7 @@
 	<p><strong><?php _e('User updated.') ?></strong></p>
 	<?php endif; ?>
 	<?php if ( $wp_http_referer && !IS_PROFILE_PAGE ) : ?>
-	<p><a href="<?php echo esc_url( $wp_http_referer ); ?>"><?php _e('&larr; Back to Users'); ?></a></p>
+	<p><a href="<?php echo esc_url( wp_validate_redirect( wp_sanitize_redirect( $wp_http_referer ), self_admin_url( 'users.php' ) ) ); ?>"><?php _e('&larr; Back to Users'); ?></a></p>
 	<?php endif; ?>
 </div>
 <?php endif; ?>
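Review bot: The validation on the added line is applied only at the point where the "Back to Users" href is printed, so `$wp_http_referer` itself stays raw and the enclosing `if ( $wp_http_referer && !IS_PROFILE_PAGE )` still tests the unvalidated value. If the variable is used anywhere else in user-edit.php (not visible in this hunk), those uses get no protection from this change. Normalising it once where it is assigned, e.g. `$wp_http_referer = wp_validate_redirect( wp_sanitize_redirect( $wp_http_referer ), self_admin_url( 'users.php' ) );`, would cover them and let this line go back to `esc_url( $wp_http_referer )`. Separately, `wp_validate_redirect()` accepts any host added through the `allowed_redirect_hosts` filter, so the link is only as restricted as that list. A short comment above the line would record this, such as `<?php // Off-site referers fall back to users.php; allowed hosts come from the allowed_redirect_hosts filter. ?>`.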
