Timestamp:
12/06/2015 04:46:41 PM (8 years ago)
Author:
stephdau
Message:

WPORG SSO (login.wordpress.org): properly url encoding redirect_to query string parameter.

File:
1 edited

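--- a/sites/trunk/common/includes/wporg-sso/wp-plugin.php
+++ b/sites/trunk/common/includes/wporg-sso/wp-plugin.php
@@ -45,5 +45,5 @@
             if ( preg_match( '/\/wp-signup\.php$/', $this->script ) ) {
                 // If we're on any WP signup screen, redirect to the SSO host one,respecting the user's redirect_to request
-                $this->_safe_redirect( add_query_arg( 'redirect_to', $redirect_req, $this->sso_signup_url ) );
+                $this->_safe_redirect( add_query_arg( 'redirect_to', urlencode( $redirect_req ), $this->sso_signup_url ) );
            
             } else if ( self::SSO_HOST !== $this->host ) {
@@ -59,5 +59,5 @@
                    
                     // Pay extra attention to the post-process redirect_to
-                    $redirect_to_sso_login = add_query_arg( 'redirect_to', $redirect_req, $redirect_to_sso_login );
+                    $redirect_to_sso_login = add_query_arg( 'redirect_to', urlencode( $redirect_req ), $redirect_to_sso_login );
                    
                     // And actually redirect to the SSO login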
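Review bot: As far as these lines show, the encoded `redirect_to` is still an unvalidated, user-influenced destination. `urlencode()` at new lines 47 and 61 stops characters such as `&` and `#` in `$redirect_req` from splitting into extra parameters on the SSO URL, but it does not constrain where the value points. `$redirect_req` is assigned outside both hunks, so it is worth confirming that it, or the SSO host that later consumes it, is checked against the allowed hosts with something like `wp_validate_redirect()`. If `$redirect_req` can arrive already percent-encoded, this change would double-encode it, so a comment at both call sites would pin the contract: `// add_query_arg() does not encode values; $redirect_req must be the raw, decoded URL here`. The enclosing method starts and ends outside the hunks.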