
Changeset 14446


Timestamp:
05/01/2025 05:22:26 AM (8 months ago)
Author:
dd32
Message:

Login: SSO: Don't urldecode the redirect_to value, as PHP will have already done that for us.

Resolves WordCamp tickets missing access tokens after login redirects.

See https://github.com/WordPress/wordcamp.org/pull/1469

File:
1 edited

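--- a/sites/trunk/common/includes/wporg-sso/wp-plugin.php
+++ b/sites/trunk/common/includes/wporg-sso/wp-plugin.php
@@ -383,5 +383,5 @@
                                     $get['redirect_to'] = $this->_get_safer_redirect_to();
                                 }
-                                $this->_safe_redirect( add_query_arg( $get, $this->sso_host_url . '/wp-login.php' ), 301 );
+                                $this->_safe_redirect( add_query_arg( urlencode_deep( $get ), $this->sso_host_url . '/wp-login.php' ), 301 );
                                 return;
                             } else {
@@ -505,5 +505,5 @@
 
             if ( ! empty( $redirect ) ) {
-                $lostpassword_url = add_query_arg( 'redirect_to', $redirect, $lostpassword_url );
+                $lostpassword_url = add_query_arg( 'redirect_to', urlencode( $redirect ), $lostpassword_url );
             }
 
@@ -705,5 +705,5 @@
             $redirect_to = $this->sso_host_url . '/loggedout';
             if ( ! empty( $_REQUEST['redirect_to'] ) ) {
-                $requested_redirect_to = urldecode( wp_unslash( $_REQUEST['redirect_to'] ) );
+                $requested_redirect_to = wp_unslash( $_REQUEST['redirect_to'] );
                 $redirect_to           = add_query_arg( 'redirect_to', urlencode( $requested_redirect_to ), $redirect_to );
 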
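Review bot: At new line 707 `$_REQUEST['redirect_to']` is only tested with `! empty()`, so an array value passes through `wp_unslash()` unchanged and reaches `urlencode()` on line 708, which raises a TypeError on PHP 8. Guarding the branch with `if ( ! empty( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) {` keeps the logout path from failing with a fatal error on malformed input. The visible lines also forward the value to `/loggedout` without a `wp_validate_redirect()` call; the function continues outside the hunk, so it is worth confirming that whatever consumes that parameter validates the destination host before redirecting. In the first hunk (line 385), `urlencode_deep( $get )` encodes array values but not keys, and the place where `$get` is populated is outside the view, so if it is derived from request parameters the keys should be limited to an expected set before they reach `add_query_arg()`.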