
Changeset 11045


Timestamp:
06/21/2021 04:46:29 AM (2 years ago)
Author:
dd32
Message:

Login: Add an additional layer of redirect location rememberance to the login site.

This should help the login site recall the redirect_to location even when Jetpack's brute-force protections kick in.

See #5754.

File:
1 edited

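--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions.php
@@ -519,2 +519,51 @@
     return esc_url( $url );
 }
+
+/**
+ * Remember the source of where the user came from,
+ * to allow redirects to be kept even when the redirect is lost.
+ */
+function wporg_remember_where_user_came_from() {
+    if ( ! empty( $_COOKIE['wporg_came_from'] ) ) {
+        return;
+    }
+
+    $came_from = $_REQUEST['redirect_to'] ?? ( $_SERVER['HTTP_REFERER'] ?? '' );
+    if ( ! $came_from ) {
+        return;
+    }
+
+    setcookie( 'wporg_came_from', $came_from, time() + 10*MINUTE_IN_SECONDS, '/', 'login.wordpress.org', true, true );
+}
+add_action( 'init', 'wporg_remember_where_user_came_from' );
+
+/**
+ * Override the ultimate login location with the cookie value, if the redirect
+ * is going to land the user on somewhere that they did not actually come from.
+ */
+function wporg_remember_where_user_came_from_redirect( $redirect, $requested_redirect_to, $user ) {
+    if ( empty( $_COOKIE['wporg_came_from'] ) || is_wp_error( $user ) ) {
+        return $redirect;
+    }
+
+    // If the redirect is to a url that doesn't seem right, override it.
+    $redirect_host = parse_url( $redirect, PHP_URL_HOST );
+    $proper_host   = parse_url( $_COOKIE['wporg_came_from'], PHP_URL_HOST );
+    if (
+        $redirect_host != $proper_host &&
+        in_array(
+            $redirect_host,
+            [
+                'profiles.wordpress.org', // Default redirect for low-priv users.
+                'login.wordpress.org',    // Default redirect for priv'd users.
+            ]
+        )
+    ) {
+        if ( wp_validate_redirect( $_COOKIE['wporg_came_from'] ) ) {
+            $redirect = $_COOKIE['wporg_came_from'];
+        }
+    }
+
+    return $redirect;
+}
+add_filter( 'login_redirect', 'wporg_remember_where_user_came_from_redirect', 100, 3 );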
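Review bot: In `wporg_remember_where_user_came_from_redirect()` the cookie is passed to `wp_validate_redirect()` only as a truth test, and the raw `$_COOKIE['wporg_came_from']` is then assigned to `$redirect`, so the client-controlled value is used instead of the sanitized one the validator returns. Keep the return value: `$validated = wp_validate_redirect( wp_unslash( $_COOKIE['wporg_came_from'] ), '' );` followed by `if ( $validated ) { $redirect = $validated; }`. In `wporg_remember_where_user_came_from()`, `$_REQUEST['redirect_to']` reaches `setcookie()` with no type or host check; a guard such as `if ( ! is_string( $came_from ) || ! wp_validate_redirect( $came_from ) ) { return; }` before the `setcookie()` call would avoid storing array input or off-site referrers. The cookie is only written when absent and is never cleared after the redirect is applied, so a value from an earlier visit within the ten minutes can override a later login; expiring it once it has been consumed would bound that. The host test also uses `!=` and a non-strict `in_array()` on `parse_url()` results, which can be null or false, so `!==` and `in_array( ..., true )` would make the comparison explicit.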