Making WordPress.org


Ignore:
Timestamp:
01/20/2016 03:19:31 PM (8 years ago)
Author:
stephdau
Message:

WordPress.org SSO: Improvement: Try to send people back to a better destination that just https://login.wordpress.org/loggedout/ (kept as fallback) when logging out, such as the page they instigated the logout from.

If said page is public, they will be sent bacck,loged out. If said page is private, they will once again be promted to login, as if they had accessed it directly.

See #1524

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/common/includes/wporg-sso/wp-plugin.php

    r2322 r2336  
    9898                                if ( in_array( $get['action'], array( 'logout', 'loggedout' ) ) ) {
    9999                                    // But make sure to show our custom screen when needed
    100                                     $get['redirect_to'] = '/loggedout/';
     100                                    $get['redirect_to'] = $this->_get_safer_redirect_to();
    101101                                }
    102102                                $this->_safe_redirect( add_query_arg( $get, $this->sso_login_url . '/wp-login.php' ) );
     
    175175
    176176            if ( ! empty( $_GET['redirect_to'] ) ) {
    177                 $this->_safe_redirect( wp_unslash( $_GET['redirect_to'] ) );
     177                $this->_safe_redirect( $this->_get_safer_redirect_to() );
    178178            } else {
    179179                $this->_safe_redirect( 'https://wordpress.org/support/profile/' . wp_get_current_user()->user_nicename );
Note: See TracChangeset for help on using the changeset viewer.