Ticket #1240: wp-login.php.diff

wp-login.php

@@ -23 +23 @@
 case 'logout':
 
         wp_clearcookie();
-        do_action('wp_logout');
+        // do_action('wp_logout');       No plugins are loaded... so this is absolutely useless
         header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
         header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
         header('Cache-Control: no-cache, must-revalidate, max-age=0');
         header('Pragma: no-cache');
-        wp_redirect('wp-login.php');
+        
+        $redirect_to = 'wp-login.php';
+        if ( isset($_REQUEST['redirect_to']) )
+                $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_REQUEST['redirect_to']);
+                        
+        wp_redirect($redirect_to);
         exit();
 
 break;
@@ -182 +187 @@
 
         if ($user_login && $user_pass) {
                 $user = get_userdatabylogin($user_login);
-                if ( 0 == $user->user_level )
+                if ( 0 == $user->user_level && (empty($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == 'wp-admin/') )
                         $redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
 
                 if ( wp_login($user_login, $user_pass, $using_cookie) ) {