
Changeset 12232


Timestamp:
11/10/2022 03:59:53 AM (2 years ago)
Author:
dd32
Message:

Login: SSO: Pass a full URI to _safe_redirect() and remove relative-url support.

Supporting relative URIs causes some redirects to land on the incorrect domain.

Location:
sites/trunk/common/includes/wporg-sso
Files:
2 edited

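--- a/sites/trunk/common/includes/wporg-sso/class-wporg-sso.php
+++ b/sites/trunk/common/includes/wporg-sso/class-wporg-sso.php
@@ -231,6 +231,6 @@
             }
 
-            // If it's a full URI, validate the host.
-            if ( ! str_starts_with( $to, '/' ) && ! $this->_is_valid_targeted_domain( $to ) ) {
+            // This function MUST be passed a full URI, a relative or root-relative URI is not valid.
+            if ( ! $this->_is_valid_targeted_domain( $to ) ) {
                 $to = $this->_get_safer_redirect_to();
             }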
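Review bot: The comment on new line 233 states the full-URI contract, but nothing in the hunk enforces it; whether a root-relative or protocol-relative `$to` is rejected now depends entirely on what `_is_valid_targeted_domain()` does with a host-less string, which is not visible here. An explicit scheme check would make the fallback deterministic regardless of that helper's parsing: `if ( ! in_array( parse_url( $to, PHP_URL_SCHEME ), array( 'http', 'https' ), true ) || ! $this->_is_valid_targeted_domain( $to ) ) {`. The same contract belongs in the method's docblock (outside this hunk), e.g. `@param string $to Absolute http(s) URI; relative and root-relative values fall back to _get_safer_redirect_to().` The enclosing method starts and ends outside the hunk.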
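--- a/sites/trunk/common/includes/wporg-sso/wp-plugin.php
+++ b/sites/trunk/common/includes/wporg-sso/wp-plugin.php
@@ -551,24 +551,23 @@
                 wp_set_current_user( (int) $user_id );
                 wp_set_auth_cookie( (int) $user_id, (bool) $remember_me );
-
-                if ( isset( $_GET['redirect_to'] ) ) {
-                    $this->_safe_redirect( wp_unslash( $_GET['redirect_to'] ) );
-
-                } elseif ( ! str_contains( $this->script, '/wp-login.php' ) ) {
-                    // SSO login, no redirect_url, and on a not-a-login page. Remove sso arg and redirect to self.
-                    $this->_safe_redirect( remove_query_arg( 'sso_token' ) );
-
-                } else {
-                    $this->_safe_redirect( home_url( '/' ) );
-
-                }
-                exit;
+            }
+
+            if ( isset( $_GET['redirect_to'] ) ) {
+                $redirect_to = wp_unslash( $_GET['redirect_to'] );
             } else {
-                // Invalid auth, remove the query var.
-                $this->_safe_redirect( remove_query_arg( 'sso_token' ) );
-                exit;
-            }
-
-            return false;
+                // Generate the current url based on the current hostname and request uri.
+                $redirect_to = set_url_scheme( 'http://' . $this->host . ( $_SERVER['REQUEST_URI'] ?? '/' ) );
+
+                // Remove the sso_token parameter, as we've now used it.
+                $redirect_to = remove_query_arg( 'sso_token', $redirect_to );
+            }
+
+            // If we're going to land on a login page, go back home to avoid a potential endless loop.
+            if ( str_contains( $redirect_to, '/wp-login.php' ) ) {
+                $redirect_to = home_url( '/' );
+            }
+
+            $this->_safe_redirect( $redirect_to );
+            exit;
         }
 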
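Review bot: On new line 556 the user-supplied `redirect_to` is handed to `_safe_redirect()` unchanged, while the other file in this changeset makes `_safe_redirect()` require a full URI; a root-relative value such as `/wp-admin/` therefore presumably no longer reaches its target but silently takes the safer-redirect fallback. If root-relative values are still expected from callers, resolve them against the current host the same way the else branch does on new lines 558–559, e.g. `if ( str_starts_with( $redirect_to, '/' ) && ! str_starts_with( $redirect_to, '//' ) ) { $redirect_to = set_url_scheme( 'http://' . $this->host . $redirect_to ); }`; otherwise a comment at this call site should say that relative values are intentionally rejected. Separately, the loop guard on new line 566 matches `/wp-login.php` anywhere in the URL including the query string, so a legitimate target whose query happens to contain that substring is bounced to home; testing the path component via `parse_url( $redirect_to, PHP_URL_PATH )` would be more precise. The enclosing method starts and ends outside this hunk.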