#41834 closed defect (bug) (invalid)
wp_redirect issue with HTTPS and when $redirect_to is more than one directory deep
Reported by: | joneslloyd | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | normal |
Severity: | normal | Version: | 4.8.1 |
Component: | General | Keywords: | needs-testing |
Focuses: | administration | Cc: | |
Description
Below is a simplified version of my code, which produces the error:
```php
<?php
/**
 * Redirect users after login
 */
add_filter('login_redirect', function ($redirect_to, $request, $user) {
    if (isset($user->roles) && is_array($user->roles)) {
        if (! empty($redirect_to)) {
            wp_redirect($redirect_to);
        } elseif (in_array('administrator', $user->roles)) {
            wp_redirect(admin_url());
        } else {
            wp_redirect(get_the_permalink(get_default_page_id('dashboard')));
        }
        exit;
    }
}, 10, 3);
```
As per the code above, if `$redirect_to` is not empty, users are redirected to that URL.
I've found that when running a site on HTTPS, an issue arises when `$redirect_to`'s value contains more than one directory / level.
For example, when I want to redirect to `https://mysite.com/dashboard/`, the redirect occurs correctly (and the value of `$redirect_to` is `https://mysite.com/dashboard/`, as expected).
However, when I try to redirect to `https://mysite.com/modules/module-0/`, the value of `$redirect_to` is actually `https:/mysite.com/modules/module-0/` -- notice the second `/` after the colon is removed.
This (I believe) then causes WordPress to strip out the broken `https:/` when `wp_sanitize_redirect` is called inside of the `wp_redirect` function, and the resultant redirect that actually occurs in the web browser is `https://mysite.com/mysite.com/modules/module-0/` (which is a 404 error).
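Added example, not part of the ticket or of WordPress: how a WHATWG URL parser (the one browsers and Node.js use) resolves the single-slash `Location` value described above against the page that issued it, together with a pre-redirect check that rejects such a value. The base URL `https://mysite.com/wp-login.php`, the function names and the sample targets are assumptions made for the illustration, and the same-origin test goes slightly beyond the reported case.

```javascript
// Added illustration; all values below are constructed samples.
const LOGIN_PAGE = "https://mysite.com/wp-login.php"; // assumed page that sends the redirect

// Resolve a Location header value the way a browser does: relative to the
// URL of the response that carried it. With a base of the same scheme,
// "https:/host/path" is parsed as a path on the base's host, not as a new host.
function resolveLocation(location, base = LOGIN_PAGE) {
  return new URL(location, base).href;
}

// True when an http(s) target does not have exactly "//" after the scheme,
// e.g. "https:/mysite.com/..." or "https:///mysite.com/...".
function hasCollapsedSchemeSlashes(target) {
  return /^https?:(?!\/\/[^\/\\])/i.test(target);
}

// Validate a redirect target before it is sent in a Location header.
function checkRedirect(target, base = LOGIN_PAGE) {
  let resolved;
  try {
    resolved = new URL(target, base);
  } catch (e) {
    return { ok: false, reason: "unparseable", resolved: null };
  }
  if (hasCollapsedSchemeSlashes(target)) {
    return { ok: false, reason: "malformed-scheme", resolved: resolved.href };
  }
  if (resolved.origin !== new URL(base).origin) {
    return { ok: false, reason: "off-site", resolved: resolved.href };
  }
  return { ok: true, reason: null, resolved: resolved.href };
}

// Constructed sample targets: the two URLs from the report, the damaged
// single-slash form, a site-relative path and an unrelated host.
for (const target of [
  "https://mysite.com/dashboard/",
  "https://mysite.com/modules/module-0/",
  "https:/mysite.com/modules/module-0/",
  "/dashboard/",
  "https://other.example/",
]) {
  const r = checkRedirect(target);
  console.log(target, "->", r.resolved, r.ok ? "(ok)" : `(rejected: ${r.reason})`);
}
```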
Change History (5)
#1
@
7 years ago
- Focuses template performance removed
- Keywords reporter-feedback needs-testing added
#2
@
7 years ago
Hey @johnbillion, thanks!
Just trying to reproduce in said environment now.
Just to check: Should the URL in the address bar (in the `redirect_to` parameter) be URL encoded? Currently mine are not, which I'm thinking could be (part of) the issue?
Thanks for the report @joneslloyd, and welcome to WordPress Trac.
Are you able to reproduce the issue with all your plugins deactivated, and with one of the default themes (such as Twenty Seventeen) enabled?