[wp-trac] [WordPress Trac] #30598: Multisite Subdomain doesn't properly redirect users logging in to the primary site
WordPress Trac
noreply at wordpress.org
Sun Mar 6 03:05:49 UTC 2016
#30598: Multisite Subdomain doesn't properly redirect users logging in to the
primary site
--------------------------------+-------------------------
Reporter: Ipstenu | Owner: jeremyfelt
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.5
Component: Networks and Sites | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch | Focuses: multisite
--------------------------------+-------------------------
Changes (by jeremyfelt):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"36867"]:
{{{
#!CommitTicketReference repository="" revision="36867"
Multisite: Handle redirect to a user's subdomain properly during login
`wp-login.php` uses `wp_safe_redirect()` for all redirects, even those
that do not involve unsafe data from the request or referer.
When a user of a subdomain site attempts to login to a network site they
do not have access to, the host in the redirect URL is treated as unsafe
by `wp_safe_redirect()` as it has no immediate awareness as to which hosts
are valid on the network. On a subdirectoy network, everything works as
expected because the host is the same.
In this specific block of `wp-login.php`, all URLs are generated by
WordPress and we can use `wp_redirect()` to handle the redirects. Users
authenticating via other network sites will now be redirected properly.
Hosts passed via the `redirect_to` query var will continue to be handled
by `wp_safe_redirect()`.
Fixes #30598.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30598#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list