Making WordPress.org

Changeset 11046


Ignore:
Timestamp:
06/21/2021 05:36:48 AM (3 years ago)
Author:
dd32
Message:

Login: When a user is logged in, or an account creation link has already been used, redirect the user more appropriately to a page explaining the issue.

This removes a "random" redirect on certain Login pages that would result in the user redirected to the WordPress.org homepage, or support forums, with no further explanation.

Fixes #5754.

Location:
sites/trunk
Files:
8 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

    r10980 r11046  
    133133         * @return string Safe redirect URL from $_REQUEST['redirect_to']
    134134         */
    135         protected function _get_safer_redirect_to() {
     135        protected function _get_safer_redirect_to( $default = 'https://wordpress.org/' ) {
    136136            // Setup a default redirect to URL, with a safe version to only change if validation succeeds below.
    137             $redirect_to = ! empty( $_GET['action'] ) && in_array( $_GET['action'], array( 'logout', 'loggedout' ) ) ? '/loggedout/' : 'https://wordpress.org/';
     137            $redirect_to = ! empty( $_GET['action'] ) && in_array( $_GET['action'], array( 'logout', 'loggedout' ) ) ? '/loggedout/' : $default;
    138138
    139139            if ( ! empty( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) {
  • sites/trunk/common/includes/wporg-sso/wp-plugin.php

    r10979 r11046  
    1717         */
    1818        public $valid_sso_paths = array(
    19             'root'         => '/',
    20             'robots'       => '/robots\.txt',
    21             'checkemail'   => '/checkemail',
    22             'loggedout'    => '/loggedout',
    23             'lostpassword' => '/lostpassword(/(?P<user>[^/]+))?',
    24             'linkexpired'  => '/linkexpired(/(?P<reason>register|lostpassword)/(?P<user>[^/]+))?',
    25             'oauth'        => '/oauth',
    26 
    27             // Only for logged in users, but prior to cookies.
    28             'updated-tos'  => '/updated-policies',
    29         );
    30 
    31         /**
    32          * List of additional valid paths on login.wordpress.org for logged in requests.
    33          * @var array
    34          */
    35         public $valid_sso_paths_logged_in = array(
    36             'logout' => '/logout',
    37         );
    38 
    39         /**
    40          * List of additional valid paths on login.wordpress.org for logged-out requests.
    41          * @var array
    42          */
    43         public $valid_sso_paths_registration = array(
     19            'root'            => '/',
     20            'robots'          => '/robots\.txt',
     21            'checkemail'      => '/checkemail',
     22            'loggedout'       => '/loggedout',
     23            'lostpassword'    => '/lostpassword(/(?P<user>[^/]+))?',
     24            'linkexpired'     => '/linkexpired(/(?P<reason>[^/]+)(/(?P<user>[^/]+))?)?',
     25            'oauth'           => '/oauth',
     26
     27            // Primarily for logged in users.
     28            'updated-tos'     => '/updated-policies',
     29            'logout'          => '/logout',
     30
     31            // Primarily for logged out users.
    4432            'pending-profile' => '/register/create-profile(/(?P<profile_user>[^/]+)/(?P<profile_key>[^/]+))?',
    4533            'pending-create'  => '/register/create(/(?P<confirm_user>[^/]+)/(?P<confirm_key>[^/]+))?',
     
    220208                // Not in list of targeted domains, not interested, bail out
    221209                return;
    222             }
    223 
    224             // Extend paths which are only available for logged in users.
    225             if ( is_user_logged_in() ) {
    226                 $this->valid_sso_paths = array_merge(
    227                     $this->valid_sso_paths,
    228                     $this->valid_sso_paths_logged_in
    229                 );
    230 
    231             // Extend registration paths only when registration is open.
    232             } elseif ( 'user' === get_site_option( 'registration', 'none' ) ) {
    233                 $this->valid_sso_paths = array_merge(
    234                     $this->valid_sso_paths,
    235                     $this->valid_sso_paths_registration
    236                 );
    237210            }
    238211
     
    339312                                return;
    340313                            }
    341                         } else if ( is_user_logged_in() && 'logout' == self::$matched_route ) {
    342                             // No redirect, ask the user if they really want to log out.
    343                             return;
    344                         } else if ( 'robots' === self::$matched_route ) {
    345                             // No redirect, just display robots.
    346                         } else if ( is_user_logged_in() ) {
    347                             // Otherwise, redirect to the their profile.
    348                             $this->_redirect_to_source_or_profile();
    349314                        }
    350315                    } elseif (
     
    462427         */
    463428        protected function _redirect_to_source_or_profile() {
    464             $redirect = $this->_get_safer_redirect_to();
     429            $redirect = $this->_get_safer_redirect_to( false );
    465430
    466431            if ( $redirect ) {
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/linkexpired.php

    r10898 r11046  
    1414<h2 class="center"><?php _e( 'Link Expired', 'wporg' ); ?></h2>
    1515
    16 <p class="center"><?php _e( "The link you've followed has expired.", 'wporg' ); ?></p>
    17 
    1816<?php
    1917if ( 'register' == $reason && $user ) {
    20         echo '<p class="center"><a href="' . esc_url( home_url( '/register/' . urlencode( $user ) ) ) . '">' .
    21             sprintf(
    22                 /* translators: %s: An account name. */
    23                 __( 'Start over, and register %s.', 'wporg' ),
    24                 '<code>' . esc_html( $user ) . '</code>'
    25             ) .
    26             '</a></p>';
     18    echo '<p class="center">' . __( "The link you've followed has expired.", 'wporg' ) . '</p>';
     19
     20    echo '<p class="center"><a href="' . esc_url( home_url( '/register/' . urlencode( $user ) ) ) . '">' .
     21        sprintf(
     22            /* translators: %s: An account name. */
     23            __( 'Start over, and register %s.', 'wporg' ),
     24            '<code>' . esc_html( $user ) . '</code>'
     25        ) .
     26        '</a></p>';
    2727} elseif ( 'lostpassword' == $reason && $user ) {
     28    echo '<p class="center">' . __( "The link you've followed has expired.", 'wporg' ) . '</p>';
    2829    echo '<p class="center"><a href="' . esc_url( home_url( '/lostpassword/'  . urlencode( $user ) ) ) . '">' .
    2930            __( 'Reset your password.', 'wporg' ) .
    3031            '</a></p>';
     32} elseif ( 'account-created' === $reason ) {
     33    echo '<p class="center">' . __( "That account has already been created.", 'wporg' ) . '</p>';
     34
     35    echo '<p class="center"><a href="' . add_query_arg( 'user', $user, home_url() ) . '">' . __( 'Please login to continue.', 'wporg' ) . '</a></p>';
     36
     37    echo '<p class="center"><a href="' . esc_url( home_url( '/lostpassword/'  . urlencode( $user ) ) ) . '">' .
     38        __( 'Reset your password.', 'wporg' ) .
     39        '</a></p>';
     40
     41} elseif ( 'register-logged-in' === $reason ) {
     42    echo '<p class="center">' . sprintf(
     43        __( 'Please do not make multiple WordPress.org accounts. Please read the <a href="%s">Forum Guidelines</a> for more information.', 'wporg' ),
     44        'https://wordpress.org/support/guidelines/#do-not-create-multiple-accounts-sockpuppets'
     45    ) . '</p>';
     46
     47    echo '<p class="center">' . __( 'Please logout, and folow the link again to complete the registration.', 'wporg' ) . '</p>';
     48
     49    echo '<p class="center">' . sprintf(
     50        /* translators: %s: logout URL */
     51        __( 'Do you really want to <a href="%s">log out</a>?', 'wporg' ),
     52        wp_logout_url()
     53    ) . '</p>';
     54
     55} else {
     56    echo '<p class="center">' . __( "The link you've followed has expired.", 'wporg' ) . '</p>';
    3157}
    3258?>
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/login.php

    r11044 r11046  
    1111<?php
    1212wp_login_form( [
    13     // pre-fill the last user if their session has simply timed out.
    14     'value_username' => wp_parse_auth_cookie()['username'] ?? ''
     13    // pre-fill with a given username, or with the last user if their session has simply timed out.
     14    'value_username' => $_REQUEST['user'] ?? ( wp_parse_auth_cookie()['username'] ?? '' )
    1515] );
    1616?>
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/logout.php

    r7696 r11046  
    66 */
    77
     8// This will be validated at redirect time.
     9$redirect_to = !empty( $_GET['redirect_to'] ) ? $_GET['redirect_to'] : home_url( '/loggedout/' );
     10
     11if ( ! is_user_logged_in() ) {
     12    wp_safe_redirect( $redirect_to );
     13    exit;
     14}
     15
    816get_header();
    917?>
     
    1119
    1220<?php
    13 
    14 // This will be validated at redirect time.
    15 $redirect_to = !empty( $_GET['redirect_to'] ) ? $_GET['redirect_to'] : home_url( '/loggedout/' );
    1621
    1722printf(
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php

    r10981 r11046  
    2626}
    2727
     28// Already logged in.. Warn about duplicate accounts, etc.
     29if ( is_user_logged_in() && $activation_user != wp_get_current_user()->user_login ) {
     30    wp_safe_redirect( home_url( '/linkexpired/register-logged-in' ) );
     31    exit;
     32}
     33
    2834$can_access = false;
    2935if ( $pending_user && $pending_user['user_activation_key'] && ! $pending_user['created'] ) {
     
    4248    }
    4349} elseif ( $pending_user && $pending_user['created'] ) {
    44     wp_safe_redirect( 'https://wordpress.org/support/' );
     50    wp_safe_redirect( home_url( '/linkexpired/account-created/' . urlencode( $pending_user['user_login'] ) ) );
    4551    die();
    4652}
    4753
    4854if ( ! $can_access ) {
    49     wp_safe_redirect( '/' );
     55    wp_safe_redirect( '/linkexpired' );
    5056    die();
    5157}
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-profile.php

    r10981 r11046  
    88$sso = WPOrg_SSO::get_instance();
    99
    10  // Migrate to cookies.
     10// Migrate to cookies.
    1111if ( !empty( $sso::$matched_route_params['profile_user'] ) ) {
    1212    setcookie( 'wporg_profile_user', $sso::$matched_route_params['profile_user'], time()+DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
     
    2121
    2222$pending_user = wporg_get_pending_user( $profile_user );
     23
     24// Already logged in.. Warn about duplicate accounts, etc.
     25if ( is_user_logged_in() ) {
     26    wp_safe_redirect( home_url( '/linkexpired/register-logged-in' ) );
     27    exit;
     28}
    2329
    2430$can_access = false;
     
    3743
    3844if ( $can_access && $pending_user['created']  ) {
    39     wp_safe_redirect( 'https://wordpress.org/support/' );
     45    wp_safe_redirect( home_url( '/linkexpired/account-created/' . urlencode( $pending_user['user_login'] ) ) );
    4046    die();
    4147} elseif ( ! $can_access ) {
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php

    r10928 r11046  
    1313if ( ! $user_login && ! empty( WP_WPOrg_SSO::$matched_route_params['user'] ) ) {
    1414    $user_login = trim( WP_WPOrg_SSO::$matched_route_params['user'] );
     15}
     16
     17// Already logged in.. Warn about duplicate accounts, etc.
     18if ( is_user_logged_in() ) {
     19    wp_safe_redirect( home_url( '/linkexpired/register-logged-in' ) );
     20    exit;
    1521}
    1622
Note: See TracChangeset for help on using the changeset viewer.