WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 2 years ago

#17243 closed defect (bug) (fixed)

wp_login_form: default for redirect leads to 404 on site in sub-folders

Reported by: esmi Owned by: nacin
Milestone: 3.3 Priority: normal
Severity: normal Version: 3.0
Component: Template Keywords: has-patch
Focuses: Cc:

Description

When using wp_login_form in a site in a sub-folder (eg. /wordpress), the default redirect parameter (site_url( $_SERVERREQUEST_URI? )) causes the redirect to duplicate the sub-folder in the url eg: http://example.com/wordpress/wordpress/

Replicated on 3.1.1 and 3.2 bleeding on 2 separate servers.

Attachments (1)

17243.diff (714 bytes) - added by kawauso 3 years ago.
$_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']

Download all attachments as: .zip

Change History (8)

kawauso3 years ago

$_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']

comment:1 kawauso3 years ago

  • Keywords has-patch added

comment:2 kawauso3 years ago

  • Component changed from General to Template
  • Version set to 3.0

comment:3 ZaneMatthew3 years ago

  • Cc zanematthew@… added

comment:4 SergeyBiryukov3 years ago

  • Milestone changed from Awaiting Review to 3.3

comment:5 nacin2 years ago

<input type="hidden" name="redirect_to" value="' . esc_attr( $args['redirect'] ) . '" />

Thinking that should be esc_url().

Or, if it should remain esc_attr() (and I don't think it should), then this patch should esc_url_raw() what we build from $_SERVER.

comment:6 nacin2 years ago

In [19032]:

Fix the current page default redirect in wp_login_form(). props kawauso, see #17243.

comment:7 nacin2 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [19033]:

Use esc_url() rather than esc_attr() on a redirect-to URL. fixes #17243.

Note: See TracTickets for help on using tickets.