Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vor dem Redirect Prüfen, auf aktuelle URL prüfen #13

Open
dnaber-de opened this issue Feb 5, 2013 · 9 comments
Open

Vor dem Redirect Prüfen, auf aktuelle URL prüfen #13

dnaber-de opened this issue Feb 5, 2013 · 9 comments
Assignees
@dnaber-de
Labels
bug enhancement

Comments

@dnaber-de
Copy link
Collaborator

Prüfen, ob die aktuelle Seite nicht schon die Login-Page ist, um Loops zu vermeiden. Der check auf $pagenow läuft bei Custom Login-Pages ins leere.
@ghost ghost assigned dnaber-de Feb 5, 2013
@bueltge
Copy link
Owner

bueltge commented Jan 9, 2014

@dnaber-de Welche Prüfung meinst du, direkt in der Methode 'redirect()`?

@dnaber-de
Copy link
Collaborator Author

Es gab in Zusammenspiel mit gehookten Login-Pages (nicht wp-login.php) Probleme. Es kam zu einer Schleife. Das wurde aber schon behoben, ob seitens Authenticator oder projektbezogen weiß ich gerade nicht. Ich schau mir das noch mal an.

@bueltge
Copy link
Owner

bueltge commented Jan 13, 2014

Danke dir! Ansonsten schließen wir den Issue und können ggf. wp.org updaten, was notwendig wäre, wegen eines Bugs.

@bueltge
Copy link
Owner

bueltge commented Apr 17, 2014

@dnaber-de Kannst du das bei Gelegenheit prüfen, dann wäre 1.2 fertig.

@bueltge bueltge modified the milestones: 1.2.0, 1.3.0 Aug 29, 2014
@dnaber-de
Copy link
Collaborator Author

I suggest to use English as language for issues. I think the problem still persists, theoretically. We check for wp-login.php as $GLOBALS[ 'pagenow' ] but we then redirect using wp_login_url(). If someone hooks into login_url, the comparison of »pagenow« becomes invalid and with this, we got an infinite redirection loop.

@bueltge bueltge mentioned this issue Aug 31, 2014
Closed
dnaber-de added a commit that referenced this issue Aug 31, 2014
@dnaber-de
perform a url comparison to avoid infinite loops #13
cd8fbe4
@dnaber-de
Copy link
Collaborator Author

I've provided a possible fix for this problem in cd8fbe4 on the branch fix_13 but I don't have time to make a proper validation at the moment.

@bueltge
Copy link
Owner

bueltge commented Aug 31, 2014

Thanks for your time and effort. The language for issues is all the same for me, but if we discus without other guys and dolls, then is German much easier for me.
I will also say thank you for the time. I understand much more as other people's. Currently I'm also only online via mobile, the fritz box was broken.

@deantomasevic
Copy link

I have updated the prev. fix for this issue (17acc20). In my case the prev. fix doesnt work if i had a custom login page and add a filter for my login_url.

Example:

page-login.php - Added a blank page with url /login/

<?php
...
wp_login_form( $args );
...

functions.php

...
add_filter( 'login_url', 'my_login_page', 10, 2 );
function my_login_page( $login_url, $redirect ) {
    return home_url( '/login/?redirect_to=' . $redirect );
}

Testcases:

@dnaber-de
Copy link
Collaborator Author

About 17acc20: What happens if you request a sub-page with the permalink /some-page/login/? I assume that you won't be redirected to the login page as of the strpos() comparison.

Furthermore I think we should compare the complete login URL (including the host) to respect setups where logins might be combined on one site in a multisite.

@bueltge bueltge removed this from the 1.3.0 milestone Nov 30, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dnaber-de dnaber-de

Labels
bug enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bueltge @dnaber-de @deantomasevic