Making WordPress.org


Ignore:
Timestamp:
05/14/2016 01:27:51 PM (8 years ago)
Author:
ocean90
Message:

WordPress.org SSO: Remove trailing spaces.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

    r2338 r3145  
    33    /**
    44     * Single Sign-On (SSO) handling for WordPress/bbPress/GlotPress instances under *.wordpress.org.
    5      * 
     5     *
    66     * @author stephdau
    77     */
    88    class WPOrg_SSO {
    99        const SSO_HOST = 'login.wordpress.org';
    10        
     10
    1111        public $sso_host_url;
    1212        public $sso_login_url;
    1313        public $sso_signup_url;
    14        
     14
    1515        public $host;
    1616        public $script;
    17        
     17
    1818        /**
    1919         * Constructor, instantiate common properties
     
    2323            $this->sso_login_url  = $this->sso_host_url . '/';
    2424            $this->sso_signup_url = 'https://wordpress.org/support/register.php'; // For now
    25            
     25
    2626            if ( ! empty( $_SERVER['HTTP_HOST'] ) ) {
    2727                $this->host   = $_SERVER['HTTP_HOST'];
     
    2929            }
    3030        }
    31        
     31
    3232        /**
    3333         * Checks if the requested redirect_to URL is part of the wordpress.org empire, adds it as an redirect host if so.
     
    3535         * @param array $hosts Currently allowed hosts
    3636         * @return array $hosts Edited lists of allowed hosts
    37          * 
     37         *
    3838         * @example add_filter( 'allowed_redirect_hosts', array( &$this, 'add_allowed_redirect_host' ) );
    3939        */
     
    4747                $host = self::SSO_HOST;
    4848            }
    49        
     49
    5050            // If we got a host by now, it's a safe wordpress.org-based one, add it to the list of allowed redirects
    5151            if ( ! empty( $host ) && ! in_array( $host, $hosts ) ){
    5252                $hosts[] = $host;
    5353            }
    54        
     54
    5555            // Return list of allowed hosts
    5656            return $hosts;
    5757        }
    58        
     58
    5959        /**
    6060         * Returns the SSO login URL, with redirect_to as requested, if deemed valid.
    61          * 
     61         *
    6262         * @param string $redirect_to
    6363         * @param string $filter_redirect_to When used with the WP login_url filter, the redirect_to is passed as a 2nd arg instead.
    6464         * @return string
    65          * 
     65         *
    6666         * @example Use directly, or through add_action( 'login_url', array( &$wporg_sso, 'login_url' ), 10, 2 );
    6767         */
     
    7777            }
    7878            return $login_url;
    79            
     79
    8080        }
    81        
    82        
     81
     82
    8383        /**
    8484         * Tests if the current process has $_SERVER['HTTP_HOST'] or not (EG: cron'd processes do not).
    85          * 
     85         *
    8686         * @return boolean
    8787         */
     
    8989            return ( ! empty( $this->host ) );
    9090        }
    91        
     91
    9292        /**
    9393         * Get a safe redirect URL (ie: a wordpress.org-based one) from $_REQUEST['redirect_to'] or a safe alternative.
    94          * 
     94         *
    9595         * @return string Safe redirect URL from $_REQUEST['redirect_to']
    9696         */
     
    9898            // Setup a default redirect to URL, with a safe version to only change if validation succeeds below.
    9999            $redirect_to = ! empty( $_GET['action'] ) && in_array( $_GET['action'], array( 'logout', 'loggedout' ) ) ? '/loggedout/' : 'https://wordpress.org/';
    100            
     100
    101101            if ( ! empty( $_REQUEST['redirect_to'] ) ) {
    102102                // User is requesting a further redirect afterward, let's make sure it's a legit target.
    103                 $redirect_to_requested = function_exists( 'wp_sanitize_redirect' ) ? wp_sanitize_redirect( $_REQUEST['redirect_to'] ) : $_REQUEST['redirect_to'];
     103                $redirect_to_requested = function_exists( 'wp_sanitize_redirect' ) ? wp_sanitize_redirect( $redirect_to ) : $redirect_to;
    104104                if ( $this->_is_valid_targeted_domain( $redirect_to_requested ) ) {
    105105                    $redirect_to = $redirect_to_requested;
     
    118118                }
    119119            }
    120            
     120
    121121            return $redirect_to;
    122122        }
    123        
     123
    124124        /**
    125125         * Tests if the passed host/domain, or URL, is part of the WordPress.org domain.
    126          * 
     126         *
    127127         * @param unknown $string A domain, hostname, or URL
    128128         * @return boolean True is ok, false if not
     
    132132                $string = '';
    133133            }
    134            
     134
    135135            if ( strstr( $string , '/' ) ) {
    136136                $url = parse_url( $string );
     
    139139                $host = $string;
    140140            }
    141            
     141
    142142            if ( ! empty( $host ) && strstr( $host , '.' ) ) {
    143143                return ( preg_match( '/^(.+\.)?wordpress\.org$/', $host ) ) ? true : false;
    144144            }
    145            
     145
    146146            return false;
    147147        }
     
    149149        /**
    150150         * Validates if target URL is within our bounds, then redirects to it if so, or to WP.org homepage (returns if headers already sent).
    151          * 
     151         *
    152152         * @param string $to Destination URL
    153153         * @param number $status HTTP redirect status, defaults to 302
    154          * 
     154         *
    155155         * @note: using our own over wp_safe_redirect(), etc, because not all targeted platforms (WP/BB/GP/etc) implement an equivalent, we run early, etc.
    156156         */
     
    159159                return;
    160160            }
    161            
     161
    162162            if ( ! $this->_is_valid_targeted_domain( $to ) ) {
    163163                $to = $this->_get_safer_redirect_to();
    164164            }
    165            
     165
    166166            header(
    167167                'Location: ' . $to,
     
    169169                preg_match( '/^30(1|2)$/', $status ) ? $status : 302
    170170            );
    171            
     171
    172172            die();
    173173        }
Note: See TracChangeset for help on using the changeset viewer.