Making WordPress.org


Ignore:
Timestamp:
03/07/2018 03:31:56 AM (7 years ago)
Author:
dd32
Message:

WordPress.org SSO: Ensure that redirect_to is a string and not an array before using it, to prevent getting stuck in an infinite loop in bbPress 1.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

    r6676 r6835  
    109109            $redirect_to = ! empty( $_GET['action'] ) && in_array( $_GET['action'], array( 'logout', 'loggedout' ) ) ? '/loggedout/' : 'https://wordpress.org/';
    110110
    111             if ( ! empty( $_REQUEST['redirect_to'] ) ) {
     111            if ( ! empty( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) {
    112112                // User is requesting a further redirect afterward, let's make sure it's a legit target.
    113113                $redirect_to_requested = str_replace( ' ', '%20', $_REQUEST['redirect_to'] ); // Encode spaces.
Note: See TracChangeset for help on using the changeset viewer.