[wp-trac] [WordPress Trac] #20507: 3.4 Preview/Customize page "Return to Manage Themes" link doesn't work as expected

WordPress Trac wp-trac at lists.automattic.com
Wed May 23 22:05:37 UTC 2012


#20507: 3.4 Preview/Customize page "Return to Manage Themes" link doesn't work as
expected
--------------------------+--------------------------
 Reporter:  TomAuger      |       Owner:  koopersmith
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:  3.4
Component:  Appearance    |     Version:  3.4
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+--------------------------

Comment (by nacin):

 Below is a test case (drop it into mu-plugins) so it can be consistently
 reproduced.

 It sounds like our best bet is to watch for and intercept a 30x in JS.
 Then check where the redirect is going. If it is going somewhere
 internally (based on our origins), POST to that URL. If it is going
 somewhere externally, send us back to the home page with a POST.

 It looks like our current check that prevents external links from working
 also blocks URLs that are relative, a hash, or a query string. All three of
 these are allowed in esc_url() and should be considered internal URLs.

 {{{
 add_action( 'get_header', function() {
         echo '<a href="' . esc_url( add_query_arg( 'redirect', 'internal' ) ) . '">Redirect internally</a> &bull; <a href="' . esc_url( add_query_arg( 'redirect', 'external' ) )  . '">Redirect externally</a><br />';
         echo '<a href="/beta/">Root-relative link to home page that gets blocked :-(</a><br />';
         echo '<a href="#footer">Hash link that gets blocked :-(</a><br />';
         echo '<a href="?redirect=internal">Query string link that gets blocked :-(</a>';
 } );

 add_action( 'template_redirect', function() {
         if ( ! isset( $_GET['redirect'] ) )
                 return;

         if ( 'internal' == $_GET['redirect'] )
                 wp_redirect( get_permalink( 1 ) );
         else
                 wp_redirect( 'http://wordpress.org/' );

         exit;
 } );
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20507#comment:25>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
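
The internal/external decision described in the comment above, as an added example that is not part of the original message or of WordPress core. The function names, the `example.test` URLs and the allowed-origins list are assumptions; only the rule itself (relative, hash and query-string links count as internal, external redirects go back to the home page, both via POST) comes from the comment.

```javascript
// Added illustration; isInternalUrl and resolveRedirect are hypothetical names.
// A link or redirect target is internal when, resolved against the current
// preview URL, its origin is one of the origins we trust.
function isInternalUrl(href, currentUrl, allowedOrigins) {
  let target;
  try {
    // "/beta/", "#footer" and "?redirect=internal" all resolve against
    // currentUrl, so they inherit its origin and pass the check below.
    target = new URL(href, currentUrl);
  } catch (e) {
    return false; // unparseable input is treated as external
  }
  // Scheme-relative "//host/" resolves to another origin, and schemes such
  // as javascript: or data: report the origin "null"; neither is allowed.
  return allowedOrigins.includes(target.origin);
}

// Decide where the preview should go after intercepting a 30x response.
// Internal: POST to the resolved target. External: POST back to the home page.
function resolveRedirect(location, currentUrl, allowedOrigins, homeUrl) {
  if (isInternalUrl(location, currentUrl, allowedOrigins)) {
    return { method: 'POST', url: new URL(location, currentUrl).href };
  }
  return { method: 'POST', url: homeUrl };
}

// Constructed sample values, mirroring the links in the test case above.
const PREVIEW_URL = 'http://example.test/beta/?p=1';
const ORIGINS = ['http://example.test'];
const HOME_URL = 'http://example.test/beta/';

function classifySamples() {
  const samples = ['/beta/', '#footer', '?redirect=internal',
    'http://wordpress.org/', '//wordpress.org/', 'javascript:void(0)'];
  return samples.map((href) => [href, isInternalUrl(href, PREVIEW_URL, ORIGINS)]);
}

for (const [href, internal] of classifySamples()) {
  console.log(href, '->', internal ? 'internal' : 'external');
}
```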

