Making WordPress.org

Changeset 11490


Ignore:
Timestamp:
01/31/2022 06:24:57 AM (3 years ago)
Author:
dd32
Message:

SSO: Always include the current URL as the redirect_to (unless specified differently) on login URLs.

See #6058.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

    r11046 r11490  
    9494            if ( ! preg_match( '!wordpress\.org$!', $this->host ) ) {
    9595                $login_url = add_query_arg( 'from', $this->host, $login_url );
    96 
    97                 // Not all browsers send referers cross-origin, ensure that a redirect_to is set for this hostname.
    98                 if ( empty( $redirect_to ) ) {
    99                     $redirect_to = 'https://' . $this->host . $_SERVER['REQUEST_URI'];
    100                 }
     96            }
     97
     98            // Always include the redirect_to if not set, to avoid cross-origin redirect issues.
     99            if ( empty( $redirect_to ) ) {
     100                $redirect_to = 'https://' . $this->host . $_SERVER['REQUEST_URI'];
    101101            }
    102102
     
    107107
    108108            return $login_url;
    109 
    110109        }
    111110
Note: See TracChangeset for help on using the changeset viewer.