Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#54952 closed defect (bug) (invalid)

5.9 breaks auth_redirect?

Reported by: epinci's profile EPinci Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.9
Component: General Keywords:
Focuses: Cc:

Description

I added the following snippet to TwentyTwelve's functions.php file:

  add_shortcode('need_login', 'shortcode_needLogin');

  function shortcode_needLogin() {
   if(!is_user_logged_in()) {
    auth_redirect();
   }

So that adding a [need_login] shortcode to a page triggers a login.

--> Works with PHP8.0.15(win) and WP5.8.3.
--> Broken in WP5.9 and PHP8.0.15(win) resulting in a blank content and the following PHP error:

[27-Jan-2022 13:19:48 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at D:\Inetpub\WWWRoot\wordpress\wp-includes\class.wp-styles.php:214) in D:\Inetpub\WWWRoot\wordpress\wp-includes\pluggable.php on line 1358

Seems all core related, is it a regression?

Thank you.

Change History (3)

#1 @swissspidy
2 years ago

  • Keywords close added

I am quite surprised that this used to work for you. Because from a technical perspective it's not possible.

Shortcodes are used in post content. Post content is rendered after lots of HTML content (e.g. the <head> of your page) has already rendered. At this point, HTTP headers are already sent by PHP.

At this point it's simply not possible to trigger redirects, hence the warning.

If you need t trigger redirects, you need to do this by hooking in some early action and not do that in a shortcode.

#2 @peterwilsoncc
2 years ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi @EPinci and welcome to trac!

I've tested this on a vanilla WP 5.8 install (no plugins) running the Twenty Twelve theme. As predicted in the comment above it failed in the old version of WP too.

WordPress has built in support for private content, you can see an article about this here https://wordpress.org/support/article/content-visibility/ -- it also provides some links to other plugins you may find helpful.

HTTP Headers are only able to be sent prior to content been printed on the screen, so I'm going to close this ticket off as invalid. In this case, this is trac's unfriendly way of indicating that I've referred you to the support article.

#3 @EPinci
2 years ago

Ah! @swissspidy @peterwilsoncc Thank you for following up on this and the explanation!

I'm good with the close down of this one although I'm baffled by the fact that, as much as it shouldn't have worked, I used it for a while.
Never mind, probably a good chance to look at a more structured solution! :)

Note: See TracTickets for help on using tickets.