
Changeset 6863


Timestamp:
10/08/2018 08:59:35 PM (7 months ago)
Author:
johnjamesjacoby
Message:

Login: Updates to bbp_logout_url():

  • Removes Apache-only REDIRECT_URL usage
  • Defaults to the Referer (for smart redirects)
  • Adds a filter to the redirect_to string
  • Validates the redirect_to after being filtered
  • Falls back to bbp_get_root_url() if invalid
  • Ensures that custom $redirect_to values are preserved

Fixes #2188.

File:
1 edited

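--- a/trunk/src/includes/common/functions.php
+++ b/trunk/src/includes/common/functions.php
@@ -1377,26 +1377,46 @@
  * Return a clean and reliable logout URL
  *
- * @param string $url URL
+ * This function is used to filter `logout_url`. If no $redirect_to value is
+ * passed, it will default to the request uri, then the forum root.
+ *
+ * See: `wp_logout_url()`
+ *
+ * @since 2.1.0 bbPress (2815)
+ *
+ * @param string $url URL used to log out
  * @param string $redirect_to Where to redirect to?
+ *
  * @return string The url
  */
 function bbp_logout_url( $url = '', $redirect_to = '' ) {
 
-    // Make sure we are directing somewhere
-    if ( empty( $redirect_to ) && ! strstr( $url, 'redirect_to' ) ) {
-
-        // Rejig the $redirect_to
-        if ( ! isset( $_SERVER['REDIRECT_URL'] ) || ( $redirect_to !== home_url( $_SERVER['REDIRECT_URL'] ) ) ) {
-            $redirect_to = isset( $_SERVER['HTTP_REFERER'] )
-                ? $_SERVER['HTTP_REFERER']
-                : '';
+    // If there is no redirect in the URL, let's add one...
+    if ( ! strstr( $url, 'redirect_to' ) ) {
+
+        // Get the forum root, to maybe use as a default
+        $forum_root = bbp_get_root_url();
+
+        // No redirect passed, so check referer and fallback to request uri
+        if ( empty( $redirect_to ) ) {
+
+            // Check for a valid referer
+            $redirect_to = wp_get_referer();
+
+            // Fallback to request uri if invalid referer
+            if ( false === $redirect_to ) {
+                $redirect_to = bbp_get_url_scheme() . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+            }
         }
 
-        // Rebuild a basic redirect URL
-        $redirect_to = bbp_get_url_scheme() . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
-
-        // Sanitize $redirect_to and add it to full $url
-        $redirect_to = add_query_arg( array( 'loggedout'   => 'true'                    ), $redirect_to );
-        $url         = add_query_arg( array( 'redirect_to' => urlencode( $redirect_to ) ), $url         );
+        // Filter the $redirect_to destination
+        $filtered  = apply_filters( 'bbp_logout_url_redirect_to', $redirect_to );
+
+        // Validate $redirect_to, default to root
+        $validated = wp_validate_redirect( $filtered, $forum_root );
+
+        // Assemble $redirect_to and add it (encoded) to full $url
+        $appended  = add_query_arg( array( 'loggedout'   => 'true'   ), $validated );
+        $encoded   = urlencode( $appended );
+        $url       = add_query_arg( array( 'redirect_to' => $encoded ), $url       );
     }
 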
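Review bot: The new `wp_validate_redirect()` call runs only inside the `! strstr( $url, 'redirect_to' )` branch, so a `$url` that already carries a `redirect_to` argument passes through the visible lines with that value neither filtered nor validated, and `$redirect_to` is not consulted on that path. `strstr()` is also a substring test over the whole URL, so the text `redirect_to` in the path or in another parameter's value skips the branch as well; testing the parsed query string for the key would be more precise. The docblock should state that scope and the actual order of defaults (referer, then request URI, then the forum root when validation fails), for example `* Filtering and validation apply only when $url has no redirect_to argument; an existing one is returned unchanged.` The request-URI fallback is built from the client-supplied `Host` header, so a comment such as `// Client-supplied host and URI; constrained only by wp_validate_redirect() below` would keep a later edit from moving or dropping that check. The function body continues past the end of the hunk, so the return statement is not visible here.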