Changeset 12232
- Timestamp:
- 11/10/2022 03:59:53 AM (2 years ago)
- Location:
- sites/trunk/common/includes/wporg-sso
- Files:
-
- 2 edited
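--- a/sites/trunk/common/includes/wporg-sso/class-wporg-sso.php
+++ b/sites/trunk/common/includes/wporg-sso/class-wporg-sso.php
@@ -231,6 +231,6 @@
 }
 
-// If it's a full URI, validate the host.
-if ( ! str_starts_with( $to, '/' ) && !$this->_is_valid_targeted_domain( $to ) ) {
+// This function MUST be passed a full URI, a relative or root-relative URI is not valid.
+if ( ! $this->_is_valid_targeted_domain( $to ) ) {
 $to = $this->_get_safer_redirect_to();
 }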
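Review bot: The new comment at line 233 states the contract but not why the old `str_starts_with( $to, '/' )` short-circuit was dropped, and the rejection of relative input now rests entirely on `_is_valid_targeted_domain()` returning false for a value with no host, which this hunk does not show. With the removed condition a protocol-relative value such as `//evil.example/` begins with `/` and so bypassed host validation entirely (unless something outside the hunk caught it), which is the security-relevant reason for the change and worth recording for the next maintainer. I would extend the comment to `// Always validate the host: relative, root-relative and protocol-relative ('//host/...') values are not acceptable here, and _is_valid_targeted_domain() must return false for anything without an allow-listed host.` and add a unit test pinning that `_is_valid_targeted_domain( '/path' )` and `_is_valid_targeted_domain( '//evil.example/' )` both return false. The enclosing method (presumably `_safe_redirect()`, judging by the call sites in wp-plugin.php) starts before and continues after this hunk.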
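--- a/sites/trunk/common/includes/wporg-sso/wp-plugin.php
+++ b/sites/trunk/common/includes/wporg-sso/wp-plugin.php
@@ -551,24 +551,23 @@
 wp_set_current_user( (int) $user_id );
 wp_set_auth_cookie( (int) $user_id, (bool) $remember_me );
-
-if ( isset( $_GET['redirect_to'] ) ) {
-$this->_safe_redirect( wp_unslash( $_GET['redirect_to'] ) );
-
-} elseif ( ! str_contains( $this->script, '/wp-login.php' ) ) {
-// SSO login, no redirect_url, and on a not-a-login page. Remove sso arg and redirect to self.
-$this->_safe_redirect( remove_query_arg( 'sso_token' ) );
-
-} else {
-$this->_safe_redirect( home_url( '/' ) );
-
-}
-exit;
+}
+
+if ( isset( $_GET['redirect_to'] ) ) {
+$redirect_to = wp_unslash( $_GET['redirect_to'] );
 } else {
-// Invalid auth, remove the query var.
-$this->_safe_redirect( remove_query_arg( 'sso_token' ) );
-exit;
-}
-
-return false;
+// Generate the current url based on the current hostname and request uri.
+$redirect_to = set_url_scheme( 'http://' . $this->host . ( $_SERVER['REQUEST_URI'] ?? '/' ) );
+
+// Remove the sso_token parameter, as we've now used it.
+$redirect_to = remove_query_arg( 'sso_token', $redirect_to );
+}
+
+// If we're going to land on a login page, go back home to avoid a potential endless loop.
+if ( str_contains( $redirect_to, '/wp-login.php' ) ) {
+$redirect_to = home_url( '/' );
+}
+
+$this->_safe_redirect( $redirect_to );
+exit;
 }
 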
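Review bot: The loop guard at new line 566 is a plain substring test on the still-unvalidated `$redirect_to`, so it is over-broad (a legitimate target whose query string merely contains `/wp-login.php` is sent home) and at the same time misses variants such as `WP-LOGIN.PHP`, `%2Fwp-login.php`, or `wp-login.php` at the site root without a leading slash, which pass through unchanged and, depending on how the server resolves them, may still loop. Testing the parsed path is tighter on both counts: `$path = (string) parse_url( $redirect_to, PHP_URL_PATH ); if ( str_ends_with( strtolower( $path ), 'wp-login.php' ) ) {`. The fallback URL built at line 559 from `$this->host` and `$_SERVER['REQUEST_URI']` is request-controlled (REQUEST_URI certainly, `$this->host` too if it derives from the Host header, which is not visible here), so it is only safe because `_safe_redirect()` re-validates the host afterwards; a comment such as `// Request-derived value; the host is re-validated in _safe_redirect(), never pass this to wp_redirect() directly.` would protect that invariant against a future refactor. The enclosing method starts before this hunk.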