Make WordPress Core


Ignore:
Timestamp:
04/18/2024 06:22:19 AM (8 months ago)
Author:
SergeyBiryukov
Message:

Login and Registration: Check that redirect_to is a string in wp-login.php.

This prevents a fatal error if an array is passed instead.

Follow-up to [2876], [4969], [7524], [8701], [25701], [31417], [49109].

Props TimoTijhof.
Fixes #59373.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-login.php

    r57801 r58023  
    793793        wp_logout();
    794794
    795         if ( ! empty( $_REQUEST['redirect_to'] ) ) {
     795        if ( ! empty( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) {
    796796            $redirect_to           = $_REQUEST['redirect_to'];
    797797            $requested_redirect_to = $redirect_to;
     
    12971297        }
    12981298
    1299         if ( isset( $_REQUEST['redirect_to'] ) ) {
     1299        if ( isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) {
    13001300            $redirect_to = $_REQUEST['redirect_to'];
    13011301            // Redirect to HTTPS if user wants SSL.
     
    13351335        }
    13361336
    1337         $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
     1337        $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
     1338
    13381339        /**
    13391340         * Filters the login redirect URL.
     
    14391440            } elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) {
    14401441                $errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' );
    1441             } elseif ( isset( $_GET['redirect_to'] ) && str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) ) {
     1442            } elseif ( isset( $_GET['redirect_to'] ) && is_string( $_GET['redirect_to'] )
     1443                && str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php' )
     1444            ) {
    14421445                $query_component = wp_parse_url( $_GET['redirect_to'], PHP_URL_QUERY );
    14431446                $query           = array();
Note: See TracChangeset for help on using the changeset viewer.