Opened 13 years ago
Closed 13 years ago
#1662 closed defect (bug) (duplicate)
bbPress plugin encounters login and logout redirect problems in Wordpress multisite situation
Reported by: | brianoflan | Owned by: | |
---|---|---|---|
Milestone: | 2.1 | Priority: | low |
Severity: | minor | Version: | 2.0 |
Component: | General - Integration | Keywords: | 2nd-opinion |
Cc: |
Description
Consider a WordPress multisite network installed on hxxp://example.com/x/. Add one site (sub-site) as the network's super-admin user under the Network Admin screen: hxxp://example.com/x/y/ to serve as a forum. Install the bbPress plugin (you must install it via hxxp://example.com/x/wp-admin) but activate it via hxxp://example.com/x/y/wp-admin to enable forum functionality.
A user registered with the root site, x, can log in to forum site, x/y, if properly configured on x/y's dashboard under Settings, Forums, Main Settings, Allow Global Access. But upon logging in successfully, they are redirected to hxxp://example.com/x/y/x/y instead of hxxp://example.com/x/y/x/y. Logging out, the user is again redirected to .../x/y/x/y.
On login, this comes from bbp-includes/bbp-user-functions.php, near line 31 or 41, where return value $url is set to $raw_url, the second argument in the login_redirect filter function bbp_redirect_login.
On logout, this comes from function bbp_logout_url in bbp-includes/bbp-common-functions.php, near line 1074, where $redirect_to is set to home_url( $_SERVER['REQUEST_URI'] )
. home_url() has been set to return hxxp://example.com/x/y as a base address for any optional argument. home_url( '/x/y' ) produces the problematic hxxp://example.com/x/y/x/y.
In bbp-includes/bbp-user-functions.php a simple regular expression replacement can fix the problem, immediately above the return statement:
$url = preg_replace( '@^(http.?//[^/]+)(/[^/]+/[^/]+)\2(.*)$@', '$1$2$3', $url ) ;
A fix that more clearly addresses the origin of the problem (the overlap of REQUEST_URI with home_url() in a multisite config) is to first check for multisite, then extract the REQUEST_URI of home_url() and then clean the duplicate home request from any final redirect URI. In bbp-includes/bbp-common-functions.php, the eighth line above the function's return statement
$redirect_to = home_url( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );
is replaced with
if ( !is_multisite() ) { $redirect_to = home_url( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' ); } #if multisite: else { $match_array = array() ; preg_match( '@http.?[/][/][^/]+([/].*$)@', home_url(), $match_array ) ; if ( count( $match_array ) ) { $home_request = $match_array[1] ; $redirect_to = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' ; $home_request = preg_replace( "@^${home_request}@", '', $redirect_to ) ; $redirect_to = home_url( $home_request ) ; } #if match failed: else { $redirect_to = home_url( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' ); $redirect_to = add_query_arg( array( 'match_failed' => '' ), esc_url( $redirect_to ) ); } #end match success/fail } #end multisite/not
It's not a security problem, just an inconvenience for a user logging in or out from the bbPress sub-site. It seems to only occur in this specific configuration: as a plugin on a multisite sub-site. Without a fix, the user has to click his way around until they finds the forum home page again or manually edit the URL location to remove the extra /x/y.
Likely related #1645