Skip to:

Opened 13 years ago

Closed 13 years ago

#1662 closed defect (bug) (duplicate)

bbPress plugin encounters login and logout redirect problems in Wordpress multisite situation

Reported by: brianoflan's profile brianoflan Owned by:
Milestone: 2.1 Priority: low
Severity: minor Version: 2.0
Component: General - Integration Keywords: 2nd-opinion


Consider a WordPress multisite network installed on hxxp:// Add one site (sub-site) as the network's super-admin user under the Network Admin screen: hxxp:// to serve as a forum. Install the bbPress plugin (you must install it via hxxp:// but activate it via hxxp:// to enable forum functionality.

A user registered with the root site, x, can log in to forum site, x/y, if properly configured on x/y's dashboard under Settings, Forums, Main Settings, Allow Global Access. But upon logging in successfully, they are redirected to hxxp:// instead of hxxp:// Logging out, the user is again redirected to .../x/y/x/y.

On login, this comes from bbp-includes/bbp-user-functions.php, near line 31 or 41, where return value $url is set to $raw_url, the second argument in the login_redirect filter function bbp_redirect_login.

On logout, this comes from function bbp_logout_url in bbp-includes/bbp-common-functions.php, near line 1074, where $redirect_to is set to home_url( $_SERVER['REQUEST_URI'] ). home_url() has been set to return hxxp:// as a base address for any optional argument. home_url( '/x/y' ) produces the problematic hxxp://

In bbp-includes/bbp-user-functions.php a simple regular expression replacement can fix the problem, immediately above the return statement:
$url = preg_replace( '@^(http.?//[^/]+)(/[^/]+/[^/]+)\2(.*)$@', '$1$2$3', $url ) ;

A fix that more clearly addresses the origin of the problem (the overlap of REQUEST_URI with home_url() in a multisite config) is to first check for multisite, then extract the REQUEST_URI of home_url() and then clean the duplicate home request from any final redirect URI. In bbp-includes/bbp-common-functions.php, the eighth line above the function's return statement

		$redirect_to = home_url( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );

is replaced with

		if ( !is_multisite() ) {
		  $redirect_to = home_url( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );
		} #if multisite:
		else {
		  $match_array = array() ;
		  preg_match( '@http.?[/][/][^/]+([/].*$)@', home_url(), $match_array ) ;
		  if ( count( $match_array ) ) {
		    $home_request = $match_array[1] ;
		    $redirect_to = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' ;
		    $home_request = preg_replace( "@^${home_request}@", '', $redirect_to ) ;
		    $redirect_to = home_url( $home_request ) ;
		  } #if match failed:
		  else {
		    $redirect_to = home_url( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );
		    $redirect_to = add_query_arg( array( 'match_failed' => '' ), esc_url( $redirect_to ) );
		  } #end match success/fail
		} #end multisite/not

It's not a security problem, just an inconvenience for a user logging in or out from the bbPress sub-site. It seems to only occur in this specific configuration: as a plugin on a multisite sub-site. Without a fix, the user has to click his way around until they finds the forum home page again or manually edit the URL location to remove the extra /x/y.

Change History (3)

#1 @cnorris23
13 years ago

  • Milestone changed from Awaiting Review to 2.0.1

Likely related #1645

#2 @johnjamesjacoby
13 years ago

  • Milestone changed from 2.0.1 to 2.1

#3 @johnjamesjacoby
13 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

Closing as duplicate as #1645.

Note: See TracTickets for help on using tickets.