

Timestamp:
12/03/2015 03:14:47 PM (9 years ago)
Author:
stephdau
Message:

WPORG SSO (login.wordpress.org):

  • Adding a WPOrg_SSO::has_host() method to test whether we have $_SERVER['HTTP_HOST'].
  • Testing for WPOrg_SSO::has_host() before proceeding; no need to if we don't have one (EG: cron'd processes)
  • Adding a $_SERVER['HTTP_REFERER'] test to WPOrg_SSO::_get_safer_redirect_to(), which now also enables SSO for our Trac instances (see #1422) and improves it for our BB instances (see #1423).
File:
1 edited

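--- a/sites/trunk/common/includes/wporg-sso/class-wporg-sso.php
+++ b/sites/trunk/common/includes/wporg-sso/class-wporg-sso.php
@@ -24,6 +24,8 @@
             $this->sso_signup_url = 'https://wordpress.org/support/register.php'; // For now
 
-            $this->host   = $_SERVER['HTTP_HOST'];
-            $this->script = $_SERVER['SCRIPT_NAME'];
+            if ( ! empty( $_SERVER['HTTP_HOST'] ) ) {
+                $this->host   = $_SERVER['HTTP_HOST'];
+                $this->script = $_SERVER['SCRIPT_NAME'];
+            }
         }
 
@@ -78,4 +80,14 @@
         }
 
+
+        /**
+         * Tests if the current process has $_SERVER['HTTP_HOST'] or not (EG: cron'd processes do not).
+         *
+         * @return boolean
+         */
+        public function has_host() {
+            return ( ! empty( $this->host ) );
+        }
+
         /**
          * Get a safe redirect URL (ie: a wordpress.org-based one) from $_REQUEST['redirect_to'] or a safe alternative.
@@ -93,5 +105,11 @@
                     $redirect_to = $redirect_to_requested;
                 }
-            } else {
+            } else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
+                // We didn't get a redirect_to, but we got a referrer, use that if a valid target.
+                $redirect_to_referrer = $_SERVER['HTTP_REFERER'];
+                if ( $this->_is_valid_targeted_domain( $redirect_to_referrer ) ) {
+                    $redirect_to = $redirect_to_referrer;
+                }
+            } else{
                 // Otherwise, attempt to guess the parent dir of where they came from and validate that.
                 $redirect_to_source_parent = preg_replace( '/\/[^\/]+\.php\??.*$/', '/', "https://{$this->host}{$_SERVER['REQUEST_URI']}" );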
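Review bot: In the added `else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )` branch of `_get_safer_redirect_to()`, a Referer that is present but rejected by `_is_valid_targeted_domain()` leaves `$redirect_to` at whatever it held before, and the parent-directory guess in the final `else` is no longer reached for that request. The Referer header is set by the client, so this branch is only as strict as `_is_valid_targeted_domain()`, which is outside the hunk; I would state that dependency at the assignment, e.g. `// Referer is client-supplied: only used once _is_valid_targeted_domain() accepts it.`, and either let a rejected Referer fall back to the guess or document that the fallback is deliberately skipped. The function begins and ends outside the visible lines, so the initial value of `$redirect_to` cannot be checked here. Minor style: `} else{` is missing a space, and the WordPress coding standards prefer `elseif` over `else if`.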