bbPress.org

Opened 17 months ago

Last modified 8 weeks ago

#3498 new defect (bug)

bbPress logout links point to the previous page by default

Reported by: dd32
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: General
Keywords:
Cc:

Description

bbp_logout_url() claims the following:

 * This function is used to filter `logout_url`. If no $redirect_to value is
 * passed, it will default to the request uri, then the forum root.

However, this is incorrect; the code actually does:

 * This function is used to filter `logout_url`. If no $redirect_to value is
 * passed, it will default to the referrer, then the request uri, then the forum root.

This is because the code uses the value of wp_get_referer() prior to using the current URI.

For a real-world example of this:

  1. Visit https://bbpress.org/forums/ and check the logout link in the header; you should see a URL like this:

     https://bbpress.org/wp-login.php?action=logout&_wpnonce=...&redirect_to=https%3A%2F%2Fbbpress.org%2Fforums%2F%3Floggedout%3Dtrue - It correctly refers to /forums/ because the Trac referer is invalid for a redirect from bbpress.org.

  2. Now open a Support Thread. Note the logout URL is still set to /forums/ (where we just came from).
  3. Now click ANY support link, for example, the forum the topic is posted in. NOT the back button. Check the logout link, observe it points to the thread you were just viewing in step 2.

The usage of wp_get_referer() would only be correct here, if the function was hooked to logout_redirect (which is run on wp-login.php?action=logout), but instead this is hooked to logout_url (wp_logout_url()) which means it filters the logout links visible in the toolbar.
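
A standalone PHP model of the two resolution orders compared in this ticket, run over the three page views from the steps above. It is an added illustration, not bbPress or WordPress code: the function names, the same-host stand-in for wp_get_referer(), and the sample URLs are assumptions constructed for the example.

```php
<?php
// Simplified stand-in for wp_get_referer() (assumption): accept the Referer
// only when it is on the same host as the site, otherwise return false.
function model_valid_referer(?string $referer, string $site_host) {
    if ($referer === null) {
        return false;
    }
    return parse_url($referer, PHP_URL_HOST) === $site_host ? $referer : false;
}

// Order the ticket says the code follows: referrer, request URI, forum root.
function redirect_actual(?string $referer, ?string $request_url, string $forum_root): string {
    $host = parse_url($forum_root, PHP_URL_HOST);
    $to   = model_valid_referer($referer, $host);
    if ($to === false) {
        $to = $request_url ?: $forum_root;
    }
    return $to;
}

// Order the docblock describes: request URI, then forum root.
// The referrer is accepted as an argument but deliberately ignored.
function redirect_documented(?string $referer, ?string $request_url, string $forum_root): string {
    return $request_url ?: $forum_root;
}

// Constructed page views following the ticket's three steps:
// [Referer header sent by the browser, URL of the page being rendered].
$root  = 'https://bbpress.org/forums/';
$views = [
    ['https://trac.example/ticket/3498', $root],                // arriving from Trac
    [$root, 'https://bbpress.org/forums/topic/example-topic/'], // open a thread
    ['https://bbpress.org/forums/topic/example-topic/',
     'https://bbpress.org/forums/forum/example-forum/'],        // click through to a forum
];

foreach ($views as $i => [$referer, $current]) {
    printf("step %d, viewing %s\n", $i + 1, $current);
    printf("  referrer first: %s\n", redirect_actual($referer, $current, $root));
    printf("  documented:     %s\n", redirect_documented($referer, $current, $root));
}
```

In the referrer-first order the logout target lags one page behind the page being viewed, except in step 1 where the cross-host referrer is rejected.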

Change History (0)
