Ticket #835 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

bb-login.php can mung urls

Reported by: mdawaffe
Owned by:
Priority: normal
Milestone: 0.9
Component: Administration
Version: 1.0-rc-2
Severity: normal
Keywords:
Cc:

Description

  1. Go to http://wordpress.org/support/
  2. Log out.
  3. Go to http://wordpress.org/tags/archives
  4. Log in.
  5. Get redirected to http://wordpress.org/support/ttp://wordpress.org/tags/archives

This happens because bbPress allows you to define a custom tag_path.

bb-login.php doesn't think that the redirect url (http://wordpress.org/tags/archives) is a safe place to redirect (it doesn't start with bbPress's home URL: http://wordpress.org/support).

The logic prepends the home url to a substr()'d version of the redirect url (bb-login.php treats the redirect url as a relative URL since it didn't pass the safety check).

Instead of doing

bb_get_common_paths( 'http://wordpress.org/support/', 'http://wordpress.org/tags/archives' )

we could do

bb_get_common_parts( 'http://wordpress.org/support/', 'http://wordpress.org/tags/archives', '/' )

Or we could forgo this precursor check and instead "absolutize" relative links and just depend on bb_safe_redirect() to do the safety check for us (which, in core, only looks at host info, not path info).
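The two redirect strategies described in this ticket, as an added illustration rather than code from bbPress or from the reporter: a model of the old bb-login.php logic (a prefix check, with anything that fails it treated as a site-relative path whose leading character is stripped before the home URL is prepended; this is an assumption that reproduces the reported "ttp://" result, not the real bb-login.php code), next to the alternative the ticket proposes of absolutizing relative links first and then relying on a host-only safety check in the style of bb_safe_redirect(). The home URL and redirect targets are the ones from the ticket; the function names are invented for this example.

```python
from urllib.parse import urljoin, urlsplit

# Site home URL from the ticket; the custom tag_path lives outside it.
HOME_URL = "http://wordpress.org/support/"


def legacy_redirect(home_url: str, redirect: str) -> str:
    """Modelled old behaviour (assumption, not the real bb-login.php code).

    A redirect that does not start with the home URL is treated as a
    site-relative path: its first character (assumed to be '/') is dropped
    and the home URL is prepended. Applied to an absolute URL on the same
    host but a different path, this munges 'http://...' into 'ttp://...'.
    """
    if redirect.startswith(home_url):
        return redirect
    return home_url + redirect[1:]


def safe_redirect(home_url: str, redirect: str) -> str:
    """Absolutize first, then check only the host, as the ticket proposes.

    Relative targets ('view/topic', '/tags/archives') are resolved against
    the home URL, so a custom tag_path outside the home path survives.
    The host check still rejects off-site targets, protocol-relative
    '//host/...' targets (urljoin resolves them to a foreign netloc) and
    non-http schemes; anything rejected falls back to the home URL.
    """
    absolute = urljoin(home_url, redirect)
    home = urlsplit(home_url)
    target = urlsplit(absolute)
    if target.scheme not in ("http", "https"):
        return home_url
    if target.netloc.lower() != home.netloc.lower():
        return home_url
    return absolute


if __name__ == "__main__":
    tag_archive = "http://wordpress.org/tags/archives"
    print("legacy:", legacy_redirect(HOME_URL, tag_archive))
    print("safe:  ", safe_redirect(HOME_URL, tag_archive))
    print("safe:  ", safe_redirect(HOME_URL, "/tags/archives"))
    print("safe:  ", safe_redirect(HOME_URL, "//evil.example/login"))
```

As the ticket notes, a host-only check accepts any path on the site's host, which is exactly what lets the custom tag_path work; it does not (and is not meant to) distinguish paths within that host.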

Change History

At the time of this filing, wordpress.org was running source:branches/0.8@1353

(In [1355]) Proposed fix for bb-login redirect bug - See #835

(In [1356]) Last commit totally broke login, here's a better idea - See #835

(In [1361]) remove now erroneous comment. see #835

comment:5 by _ck_, 4 years ago

I am not sure if this ticket broke the redirect again but now on logouts in build 1364 I am sent to a blank white screen.

Logouts worked before an svn up yesterday, so I suspect this changeset did it.

(In [1365]) Fix to bb-login.php for referer-shy tin-foil-hat-brigade - Props _ck_ - See #835

(In [1366]) Fix to bb-login.php for referer-shy tin-foil-hat-brigade - Props _ck_ - See #835 - branches/0.8

(In [1380]) Better redirect checking for bb-login.php - See #835

  • Status changed from new to closed
  • Resolution set to fixed

Closing as fixed for now. Please add new ticket if any problems arise from the existing changes.
