sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
33,776 Commits 2 Branches 473 Tags 137 MiB
PHP 76.7%
CSS 10.9%
JavaScript 9.2%
Modelica 2.4%
HTML 0.6%
Other 0.2%
Go to file
Jeremy Felt e3feb63e33 Multisite: Handle redirect to a user's subdomain properly during login 
`wp-login.php` uses `wp_safe_redirect()` for all redirects, even those that do not involve unsafe data from the request or referer.

When a user of a subdomain site attempts to login to a network site they do not have access to, the host in the redirect URL is treated as unsafe by `wp_safe_redirect()` as it has no immediate awareness as to which hosts are valid on the network. On a subdirectoy network, everything works as expected because the host is the same.

In this specific block of `wp-login.php`, all URLs are generated by WordPress and we can use `wp_redirect()` to handle the redirects. Users authenticating via other network sites will now be redirected properly. Hosts passed via the `redirect_to` query var will continue to be handled by `wp_safe_redirect()`.

Fixes #30598.


git-svn-id: https://develop.svn.wordpress.org/trunk@36867 602fd350-edb4-49c9-b593-d223f7449a82
 		2016-03-06 03:05:46 +00:00
src Multisite: Handle redirect to a user's subdomain properly during login 2016-03-06 03:05:46 +00:00
tests Ensure Description is respected in post type archive menu items. 2016-03-05 22:56:31 +00:00
tools/i18n i18n tools: In `StringExtractor` don't strip slashes from URLs. 2016-02-29 20:44:31 +00:00
.editorconfig
.gitignore Remove accidental .svn addition to .gitignore 2015-12-12 18:26:22 +00:00
.jshintrc Build: Prevent non-breaking spaces from accidentally being inserted into JavaScript files. 2015-11-12 12:04:55 +00:00
.travis.yml Remove PHP 7 from allowed failures list 2015-11-12 21:44:24 +00:00
Gruntfile.js Media: Add support for minified versions of wp-playlist.js, wp-mediaelement.js and wp-mediaelement.css. 2016-02-29 20:42:10 +00:00
package.json Update grunt-contrib-cssmin ~0.14.0 → ~1.0.0 2016-03-05 23:36:36 +00:00
phpunit.xml.dist Unit Tests: add `SpeedTrapListener` to `phpunit/includes` and add the config node to `phpunit.xml.dist`. 2015-10-16 00:27:28 +00:00
wp-cli.yml Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development. 2015-11-28 18:36:06 +00:00
wp-config-sample.php
wp-tests-config-sample.php Unit Tests: Correct comment in `wp-tests-config-sample.php`. 2016-01-21 20:24:12 +00:00