Making WordPress.org


Ignore:
Timestamp:
09/24/2019 01:16:59 AM (5 years ago)
Author:
dd32
Message:

Login: Handle the various SSO routes a bit better when passing to reCaptcha.

See #4739.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions.php

    r9147 r9148  
    8484    // reCaptcha v3 is loaded on all login pages, not just the registration flow.
    8585    wp_enqueue_script( 'recaptcha-api-v3', 'https://www.google.com/recaptcha/api.js?onload=reCaptcha_v3_init&render=' . RECAPTCHA_V3_PUBKEY, array(), '3' );
     86    $login_route = WP_WPOrg_SSO::$matched_route;
     87    if ( ! $login_route || 'root' == $login_route ) {
     88        $login_route = 'login';
     89    }
     90    // reCaptcha only supports [a-Z _/] as the action.
     91    $login_route = preg_replace( '#[^a-z/_ ]#i', '_', $login_route );
     92
    8693    wp_add_inline_script(
    8794        'recaptcha-api-v3',
     
    8996            grecaptcha.execute(' .
    9097                json_encode( RECAPTCHA_V3_PUBKEY ) .
    91                 ', {action: ' . json_encode(
    92                     str_replace( '-', '_', WP_WPOrg_SSO::$matched_route ?: 'login' ) // Must match ^[a-Z_ ]$, but we use -
    93                 ) .' }
     98                ', {action: ' . json_encode( $login_route ) . ' }
    9499            ).then( function( token ) {
    95100                // Add the token to the "primary" form
Note: See TracChangeset for help on using the changeset viewer.