Context Navigation

Changeset 2166

Timestamp:

12/06/2015 04:46:41 PM (10 years ago)

Author:

stephdau

Message:

WPORG SSO (login.wordpress.org): properly url encoding redirect_to query string parameter.

Location:

sites/trunk/common/includes/wporg-sso

Files:

r2150	r2166
54	54
55	55	// Pay extra attention to the post-process redirect_to
56		$redirect_to_sso_login = add_query_arg( 'redirect_to', ~~$this->_get_safer_redirect_to(~~), $redirect_to_sso_login );
	56	$redirect_to_sso_login = add_query_arg( 'redirect_to', urlencode( $this->_get_safer_redirect_to() ), $redirect_to_sso_login );
57	57
58	58	// Redirect to SSO login, trying to pass on a decent redirect_to request.

r2150	r2166
74	74	if ( ! empty( $redirect_to ) && $this->_is_valid_targeted_domain( $redirect_to ) ) {
75	75	$redirect_to = preg_replace( '/\/wp-(login\|signup)\.php\??.*$/', '/', $redirect_to );
76		$login_url = add_query_arg( 'redirect_to', ~~$redirect_to~~, $login_url );
	76	$login_url = add_query_arg( 'redirect_to', urlencode( $redirect_to ), $login_url );
77	77	}
78	78	return $login_url;

-                      r2163
+                      r2166
             if ( preg_match( '/\/wp-signup\.php$/', $this->script ) ) {
                 // If we're on any WP signup screen, redirect to the SSO host one,respecting the user's redirect_to request
                 $this->_safe_redirect( add_query_arg( 'redirect_to', $redirect_req, $this->sso_signup_url ) );
+                $this->_safe_redirect( add_query_arg( 'redirect_to', urlencode( $redirect_req ), $this->sso_signup_url ) );
             } else if ( self::SSO_HOST !== $this->host ) {
 …
                     // Pay extra attention to the post-process redirect_to
                     $redirect_to_sso_login = add_query_arg( 'redirect_to', $redirect_req, $redirect_to_sso_login );
+                    $redirect_to_sso_login = add_query_arg( 'redirect_to', urlencode( $redirect_req ), $redirect_to_sso_login );
                     // And actually redirect to the SSO login

Note: See TracChangeset for help on using the changeset viewer.