Make WordPress Core

Opened 15 years ago

Closed 15 years ago

#4188 closed defect (bug) (worksforme)

redirect_to within wp-login.php breaks with an authentication failure

Reported by: oaoao Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.1.3
Component: General Keywords:
Focuses: Cc:


When submitting from an external form to wp-login.php:

<form action="/wp-login.php?redirect_to=%2F" method="post">

everything operates normally if the user is authenticated on the first try. He is properly redirected to the redirect_to URL, which is "/" in this case.

However, if the login attempt failed on the first try, and a user is passed to the Wordpress login page, redirect_to seems to be lost in the new form, and the user will be redirected to his profile page.

Change History (5)

#1 @foolswisdom
15 years ago

  • Milestone changed from 2.1.4 to 2.4

#2 in reply to: ↑ description @gerbennn
15 years ago

I'm unable to replicate this bug. ENV:2.1.3
After the first request the form gets a hidden input with the value.

<input type="hidden" name="redirect_to" value="/" />

It's carryed on to every time the page loads

#3 @ryan
15 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [5487]) Fix tinymce colorpicker. Props azaozz. fixes #4188 for 2.3

#4 @ryan
15 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Oops, committed to wrong bug. Ignore that commit message.

#5 @markjaquith
15 years ago

  • Milestone 2.4 deleted
  • Resolution set to worksforme
  • Status changed from reopened to closed

Cannot recreate, either with "Subscriber" or "Admin" account. Both types carry the redirect_to value on invalid logins and redirect to that URL after a successful login (following an indefinitely long chain of unsuccessful logins).

Note: See TracTickets for help on using tickets.