vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2025-10-16 12:05:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
33,776 Commits 1 Branch 0 Tags 243 MiB
PHP 80.5%
CSS 9.4%
JavaScript 8.5%
SCSS 0.9%
HTML 0.7%
e3feb63e33
Go to file
Jeremy Felt e3feb63e33 Multisite: Handle redirect to a user's subdomain properly during login 
`wp-login.php` uses `wp_safe_redirect()` for all redirects, even those that do not involve unsafe data from the request or referer.

When a user of a subdomain site attempts to login to a network site they do not have access to, the host in the redirect URL is treated as unsafe by `wp_safe_redirect()` as it has no immediate awareness as to which hosts are valid on the network. On a subdirectoy network, everything works as expected because the host is the same.

In this specific block of `wp-login.php`, all URLs are generated by WordPress and we can use `wp_redirect()` to handle the redirects. Users authenticating via other network sites will now be redirected properly. Hosts passed via the `redirect_to` query var will continue to be handled by `wp_safe_redirect()`.

Fixes #30598.


git-svn-id: https://develop.svn.wordpress.org/trunk@36867 602fd350-edb4-49c9-b593-d223f7449a82
2016-03-06 03:05:46 +00:00
src Multisite: Handle redirect to a user's subdomain properly during login 2016-03-06 03:05:46 +00:00
tests Ensure Description is respected in post type archive menu items. 2016-03-05 22:56:31 +00:00
tools/i18n i18n tools: In StringExtractor don't strip slashes from URLs. 2016-02-29 20:44:31 +00:00
.editorconfig Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:28:58 +00:00
.gitignore Remove accidental .svn addition to .gitignore 2015-12-12 18:26:22 +00:00
.jshintrc Build: Prevent non-breaking spaces from accidentally being inserted into JavaScript files. 2015-11-12 12:04:55 +00:00
.travis.yml Remove PHP 7 from allowed failures list 2015-11-12 21:44:24 +00:00
Gruntfile.js Media: Add support for minified versions of wp-playlist.js, wp-mediaelement.js and wp-mediaelement.css. 2016-02-29 20:42:10 +00:00
package.json Update grunt-contrib-cssmin ~0.14.0 → ~1.0.0 2016-03-05 23:36:36 +00:00
phpunit.xml.dist Unit Tests: add SpeedTrapListener to phpunit/includes and add the config node to phpunit.xml.dist. 2015-10-16 00:27:28 +00:00
wp-cli.yml Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development. 2015-11-28 18:36:06 +00:00
wp-config-sample.php Lightly clean up and improve inline documentation in wp-config-sample.php. 2015-05-10 00:05:30 +00:00
wp-tests-config-sample.php Unit Tests: Correct comment in wp-tests-config-sample.php. 2016-01-21 20:24:12 +00:00