Make WordPress Core

Opened 11 years ago

Closed 10 years ago

#23412 closed defect (bug) (duplicate)

Password protected pages - redirect after login

Reported by: dood_cro's profile dood_cro Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.5.1
Component: Template Keywords: needs-patch
Focuses: Cc:

Description (last modified by SergeyBiryukov)


I am using WP 3.5.1 and I have found out that after a successful login to a password protected page, WP won't redirect back.

This is because referrer is empty.

So I have modified page login script to have hidden "_wp_http_referer" field in form.

After that, login redirects back to page normally.

Here is my script:

	function my_password_form() {
	    global $post;
	    $label = 'pwbox-'.( empty( $post->ID ) ? rand() : $post->ID );
	    $o = '<form class="protected-post-form" action="' . get_option( 'siteurl' ) . '/wp-login.php?action=postpass" method="post">
	    <p>' . __( "To view this protected post, enter the password below:" ) . '</p>
	    <label for="' . $label . '">' . __( "Password:" ) . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" /><input type="submit" name="Submit" value="' . esc_attr__( "Submit" ) . '" />
	    <input type="hidden" name="_wp_http_referer" value="'.get_permalink().'" />
	    return $o;
	add_filter( 'the_password_form', 'my_password_form' );

This functions returns empty URL to wp-login.php script:

function wp_get_referer() {
	$ref = false;
	if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
		$ref = $_REQUEST['_wp_http_referer'];
	else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
		$ref = $_SERVER['HTTP_REFERER'];

	if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
		return $ref;
	return false;

I hope this helps.

I have tried this with all plugins disabled, and also on 20-12 theme, same error occurs.


Change History (4)

#1 @SergeyBiryukov
11 years ago

  • Component changed from Accessibility to General
  • Description modified (diff)

#2 @csixty4
11 years ago

  • Keywords reporter-feedback added

I can't reproduce this in 3.5.1 or 3.6 trunk. Referer is usually pretty reliable on modern browsers. Sounds like a browser issue or maybe a server configuration. Could you provide more details on your setup & steps to reproduce?

#3 @nacin
10 years ago

  • Component changed from General to Template
  • Keywords needs-patch added; reporter-feedback removed
  • Milestone changed from Awaiting Review to Future Release

I'm good with adding a referer field to the password form.

#4 @nacin
10 years ago

  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #16482.

Note: See TracTickets for help on using tickets.