Changeset 2336
- Timestamp:
- 01/20/2016 03:19:31 PM (9 years ago)
- Location:
- sites/trunk/common/includes/wporg-sso
- Files:
-
- 2 edited
-
class-wporg-sso.php (modified) (1 diff)
-
wp-plugin.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/common/includes/wporg-sso/class-wporg-sso.php
r2314 r2336 96 96 */ 97 97 protected function _get_safer_redirect_to() { 98 // Setup a default redirect to URL, with a safe version to only change if validation succeeds below.99 $redirect_to ='https://wordpress.org/';98 // Setup a default redirect to URL, with a safe version to only change if validation succeeds below. 99 $redirect_to = in_array( $_GET['action'], array( 'logout', 'loggedout' ) ) ? '/loggedout/' : 'https://wordpress.org/'; 100 100 101 101 if ( ! empty( $_REQUEST['redirect_to'] ) ) { -
sites/trunk/common/includes/wporg-sso/wp-plugin.php
r2322 r2336 98 98 if ( in_array( $get['action'], array( 'logout', 'loggedout' ) ) ) { 99 99 // But make sure to show our custom screen when needed 100 $get['redirect_to'] = '/loggedout/';100 $get['redirect_to'] = $this->_get_safer_redirect_to(); 101 101 } 102 102 $this->_safe_redirect( add_query_arg( $get, $this->sso_login_url . '/wp-login.php' ) ); … … 175 175 176 176 if ( ! empty( $_GET['redirect_to'] ) ) { 177 $this->_safe_redirect( wp_unslash( $_GET['redirect_to']) );177 $this->_safe_redirect( $this->_get_safer_redirect_to() ); 178 178 } else { 179 179 $this->_safe_redirect( 'https://wordpress.org/support/profile/' . wp_get_current_user()->user_nicename );
Note: See TracChangeset
for help on using the changeset viewer.