Ticket #6385 (closed defect (bug): fixed)

Opened 4 years ago

Last modified 4 years ago

wp-admin auth redirect does not honor redirect_to if user is allready logged on

Reported by: DD32 Owned by: anonymous
Priority: normal Milestone: 2.5
Component: Administration Version: 2.5
Severity: normal Keywords: has-patch
Cc:

Description

I occasionally access WordPress through non-site address's.

Currently WordPress is installed at 

http://long-domain-name-here/wordpress/wp-admin/

That long domain is located on localhost, Sometimes, i'll access it directly via localhost: 

http://localhost/wordpress/wp-admin/plugins.php

and be automatically redirected to the correct hostname via the wp-login pages. The address i get redirected to in the above case is: 

http://long-domain-name-here/wordpress/wp-admin/

It doesnt honor the redirect value if the user is allready logged on, instead it uses its default of 'wp-admin/'

Attachments

6385.diff Download (478 bytes) - added by DD32 4 years ago.

Change History

DD324 years ago

comment:1   ryan4 years ago

I think the is_user_logged_in() check was to prevent people from laundering links. But now we have wp_safe_redirect() so we shouldn't need it anymore. Just a little history.

comment:2   ryan4 years ago

Actually, the logic is wrong for that to be the reason. [4969] added the is_user_logged_in() check and I'm trying to remember why.

comment:3   markjaquith4 years ago

No, I think that was to prevent link laundering. With wp_safe_redirect() we should be able to remove the is_user_logged_in() check.

comment:4   ryan4 years ago

  • Status changed from new to closed
  • Resolution set to fixed

(In [7524]) Honor redirect_to for logged in users. Props DD32. fixes #6385

Note: See TracTickets for help on using tickets.