Making WordPress.org


Timestamp:
11/10/2022 03:59:53 AM (2 years ago)
Author:
dd32
Message:

Login: SSO: Pass a full URI to _safe_redirect() and remove relative-url support.

Supporting relative URIs causes some redirects to land on the incorrect domain.

File:
1 edited

  • sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

    r12223 r12232  
    231231            }
    232232
    233             // If it's a full URI, validate the host.
    234             if ( ! str_starts_with( $to, '/' ) && ! $this->_is_valid_targeted_domain( $to ) ) {
     233            // This function MUST be passed a full URI, a relative or root-relative URI is not valid.
     234            if ( ! $this->_is_valid_targeted_domain( $to ) ) {
    235235                $to = $this->_get_safer_redirect_to();
    236236            }
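Review bot: At new line 234 every value of `$to` is now judged only by `_is_valid_targeted_domain( $to )`, whose body is not in this hunk, so that method has to return false for input with no host (relative, root-relative and `//host` forms) rather than erroring or letting it through; a test covering each form would confirm it. The "MUST be passed a full URI" requirement on new line 233 exists only as an inline comment, and a caller that still passes a path is silently sent to `_get_safer_redirect_to()`. Consider stating the requirement in the docblock of `_safe_redirect()` and checking the callers, since this changeset edits a single file and callers elsewhere cannot be confirmed from here.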