WordPress.org

Making WordPress.org

Changeset 2336


Ignore:
Timestamp:
01/20/2016 03:19:31 PM (2 years ago)
Author:
stephdau
Message:

WordPress.org SSO: Improvement: Try to send people back to a better destination that just https://login.wordpress.org/loggedout/ (kept as fallback) when logging out, such as the page they instigated the logout from.

If said page is public, they will be sent bacck,loged out. If said page is private, they will once again be promted to login, as if they had accessed it directly.

See #1524

Location:
sites/trunk/common/includes/wporg-sso
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

    r2314 r2336  
    9696         */
    9797        protected function _get_safer_redirect_to() {
    98             // Setup a default redirect to URL, with a safe version toonly change if validation succeeds below.
    99             $redirect_to  = 'https://wordpress.org/';
     98            // Setup a default redirect to URL, with a safe version to only change if validation succeeds below.
     99            $redirect_to = in_array( $_GET['action'], array( 'logout', 'loggedout' ) ) ? '/loggedout/' : 'https://wordpress.org/';
    100100           
    101101            if ( ! empty( $_REQUEST['redirect_to'] ) ) {
  • sites/trunk/common/includes/wporg-sso/wp-plugin.php

    r2322 r2336  
    9898                                if ( in_array( $get['action'], array( 'logout', 'loggedout' ) ) ) {
    9999                                    // But make sure to show our custom screen when needed
    100                                     $get['redirect_to'] = '/loggedout/';
     100                                    $get['redirect_to'] = $this->_get_safer_redirect_to();
    101101                                }
    102102                                $this->_safe_redirect( add_query_arg( $get, $this->sso_login_url . '/wp-login.php' ) );
     
    175175
    176176            if ( ! empty( $_GET['redirect_to'] ) ) {
    177                 $this->_safe_redirect( wp_unslash( $_GET['redirect_to'] ) );
     177                $this->_safe_redirect( $this->_get_safer_redirect_to() );
    178178            } else {
    179179                $this->_safe_redirect( 'https://wordpress.org/support/profile/' . wp_get_current_user()->user_nicename );
Note: See TracChangeset for help on using the changeset viewer.