Making WordPress.org


Ignore:
Timestamp:
05/29/2020 03:14:48 AM (4 years ago)
Author:
dd32
Message:

Login: Add remote-login functionality to the SSO login code.

This will allow for instances of WordPress in the WordPress.org network (and using it's user tables) to login via login.wordpress.org.

See #5239.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

    r7695 r9941  
    22if ( ! class_exists( 'WPOrg_SSO' ) ) {
    33    /**
    4      * Single Sign-On (SSO) handling for WordPress/bbPress instances under *.wordpress.org.
     4     * Single Sign-On (SSO) handling for WordPress/bbPress instances on wordpress.org.
    55     *
    66     * @author stephdau
     
    1010
    1111        const SUPPORT_EMAIL = 'forum-password-resets@wordpress.org';
     12
     13        const VALID_HOSTS = [
     14            'wordpress.org',
     15            'bbpress.org',
     16            'buddypress.org',
     17            'wordcamp.org'
     18        ];
    1219
    1320        public $sso_host_url;
     
    7683            }
    7784
     85            if ( ! preg_match( '!wordpress\.org$!', $this->host ) ) {
     86                $login_url = add_query_arg( 'from', $this->host, $login_url );
     87            }
     88
    7889            return $login_url;
    7990
     
    117128                // We didn't get a redirect_to, but we got a referrer, use that if a valid target.
    118129                $redirect_to_referrer = $_SERVER['HTTP_REFERER'];
    119                 if ( $this->_is_valid_targeted_domain( $redirect_to_referrer ) ) {
     130                if ( $this->_is_valid_targeted_domain( $redirect_to_referrer ) && self::SSO_HOST != parse_url( $redirect_to_referrer, PHP_URL_HOST ) ) {
    120131                    $redirect_to = $redirect_to_referrer;
    121132                }
    122             } else {
     133            } elseif ( self::SSO_HOST !== $this->host ) {
    123134                // Otherwise, attempt to guess the parent dir of where they came from and validate that.
    124135                $redirect_to_source_parent = preg_replace( '/\/[^\/]+\.php\??.*$/', '/', "https://{$this->host}{$_SERVER['REQUEST_URI']}" );
     
    132143
    133144        /**
    134          * Tests if the passed host/domain, or URL, is part of the WordPress.org domain.
     145         * Tests if the passed host/domain, or URL, is part of the WordPress.org network.
    135146         *
    136          * @param unknown $string A domain, hostname, or URL
     147         * @param unknown $host A domain, hostname, or URL
    137148         * @return boolean True is ok, false if not
    138149         */
    139         protected function _is_valid_targeted_domain( $string ) {
    140             if ( empty( $string ) || ! is_string( $string ) ) {
    141                 $string = '';
     150        protected function _is_valid_targeted_domain( $host ) {
     151            if ( empty( $host ) || ! is_string( $host ) || ! strstr( $host, '.' ) ) {
     152                return false;
    142153            }
    143154
    144             if ( strstr( $string , '/' ) ) {
    145                 $url = parse_url( $string );
    146                 $host = ( ! empty( $url['host'] ) ) ? $url['host'] : '';
    147             } else {
    148                 $host = $string;
     155            if ( strstr( $host, '/' ) ) {
     156                $host = parse_url( $host, PHP_URL_HOST );
    149157            }
    150158
    151             if ( ! empty( $host ) && strstr( $host , '.' ) ) {
    152                 return ( preg_match( '/^(.+\.)?wordpress\.org$/', $host ) ) ? true : false;
     159            if ( in_array( $host, self::VALID_HOSTS, true ) ) {
     160                return true;
    153161            }
    154162
    155             return false;
     163            // If not a top-level domain, shrink it down and try again.
     164            $top_level_host = implode( '.', array_slice( explode( '.', $host ), -2 ) );
     165
     166            return in_array( $top_level_host, self::VALID_HOSTS, true );
    156167        }
    157168
Note: See TracChangeset for help on using the changeset viewer.