Changeset 12238

Timestamp:

11/11/2022 05:02:59 AM (2 years ago)

Author:

dd32

Message:

Login: SSO: Fix an infinite login redirect when the destination url is https://example.org////wp-admin.

This causes wp_set_auth_cookie() to fail to set the /wp-admin cookie, as the browser will reject it due to the path mismatch.

File:

• sites/trunk/common/includes/wporg-sso/class-wporg-sso.php (modified) (1 diff)

sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

@@ -237 +237 @@
             }
 
+            /*
+             * Collapse leading multiple slashes at the start of the path in the URL.
+             * This can cause problems with setting cookies when the redirect is to
+             * a SSO login destination such as `http://example.org//////wp-admin`.
+             */
+            $to = preg_replace( '!^(https?://[^/]+)/{2,}!', '$1/', $to );
+
             // In the event headers have been sent already, output a HTML redirect.
             if ( headers_sent() ) {