WordPress.org

Making WordPress.org

Changeset 2150


Ignore:
Timestamp:
12/03/2015 03:14:47 PM (6 years ago)
Author:
stephdau
Message:

WPORG SSO (login.wordpress.org):

  • Adding an WPOrg_SSO::has_host() method to test if we have $_SERVERHTTP_HOST?
  • Testing for WPOrg_SSO::has_host() before proceeding,no need to if we don;t have one (EG: cron'd processes)
  • Adding a $_SERVER['HTTP_REFERER'] test to WPOrg_SSO::_get_safer_redirect_to(), which now also enables SSO for our Trac instances (see #1422) and improves it for our BB instances (see #1423).
Location:
sites/trunk/common/includes/wporg-sso
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/common/includes/wporg-sso/bb-plugin.php

    r2135 r2150  
    1818            parent::__construct();
    1919
    20             add_action( 'bb_init', array( &$this, 'redirect_all_login_or_signup_to_sso' ) );
     20            if ( $this->has_host() ) {
     21                add_action( 'bb_init', array( &$this, 'redirect_all_login_or_signup_to_sso' ) );
     22            }
    2123        }
    2224       
  • sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

    r2098 r2150  
    2424            $this->sso_signup_url = 'https://wordpress.org/support/register.php'; // For now
    2525           
    26             $this->host   = $_SERVER['HTTP_HOST'];
    27             $this->script = $_SERVER['SCRIPT_NAME'];
     26            if ( ! empty( $_SERVER['HTTP_HOST'] ) ) {
     27                $this->host   = $_SERVER['HTTP_HOST'];
     28                $this->script = $_SERVER['SCRIPT_NAME'];
     29            }
    2830        }
    2931       
     
    7880        }
    7981       
     82       
     83        /**
     84         * Tests if the current process has $_SERVER['HTTP_HOST'] or not (EG: cron'd processes do not).
     85         *
     86         * @return boolean
     87         */
     88        public function has_host() {
     89            return ( ! empty( $this->host ) );
     90        }
     91       
    8092        /**
    8193         * Get a safe redirect URL (ie: a wordpress.org-based one) from $_REQUEST['redirect_to'] or a safe alternative.
     
    93105                    $redirect_to = $redirect_to_requested;
    94106                }
    95             } else {
     107            } else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
     108                // We didn't get a redirect_to, but we got a referrer, use that if a valid target.
     109                $redirect_to_referrer = $_SERVER['HTTP_REFERER'];
     110                if ( $this->_is_valid_targeted_domain( $redirect_to_referrer ) ) {
     111                    $redirect_to = $redirect_to_referrer;
     112                }
     113            } else{
    96114                // Otherwise, attempt to guess the parent dir of where they came from and validate that.
    97115                $redirect_to_source_parent = preg_replace( '/\/[^\/]+\.php\??.*$/', '/', "https://{$this->host}{$_SERVER['REQUEST_URI']}" );
  • sites/trunk/common/includes/wporg-sso/gp-plugin.php

    r2098 r2150  
    1212        function __construct() {
    1313            parent::__construct();
     14           
    1415            // Load SSO lib
    1516            $this->instantiate_sso();
    16             // Actions
    17             $this->add_action( 'init' );
    18             // Filters
    19             $this->add_filter( 'gp_url', array( 'args' => 3 ) );
     17           
     18            if ( $this->sso_obj->has_host() ) {
     19                // Actions
     20                $this->add_action( 'init' );
     21                // Filters
     22                $this->add_filter( 'gp_url', array( 'args' => 3 ) );
     23            }
    2024        }
    2125       
  • sites/trunk/common/includes/wporg-sso/wp-plugin.php

    r2135 r2150  
    1818            parent::__construct();
    1919
    20             add_action( 'init', array( &$this, 'redirect_all_login_or_signup_to_sso' ) );
     20            if ( $this->has_host() ) {
     21                add_action( 'init', array( &$this, 'redirect_all_login_or_signup_to_sso' ) );
     22            }
    2123        }
    2224   
Note: See TracChangeset for help on using the changeset viewer.