WordPress.org

Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#6385 closed defect (bug) (fixed)

wp-admin auth redirect does not honor redirect_to if user is allready logged on

Reported by: DD32 Owned by:
Milestone: 2.5 Priority: normal
Severity: normal Version: 2.5
Component: Administration Keywords: has-patch
Focuses: Cc:
PR Number:

Description

I occasionally access WordPress through non-site address's.

Currently WordPress is installed at

http://long-domain-name-here/wordpress/wp-admin/

That long domain is located on localhost, Sometimes, i'll access it directly via localhost:

http://localhost/wordpress/wp-admin/plugins.php

and be automatically redirected to the correct hostname via the wp-login pages. The address i get redirected to in the above case is:

http://long-domain-name-here/wordpress/wp-admin/

It doesnt honor the redirect value if the user is allready logged on, instead it uses its default of 'wp-admin/'

Attachments (1)

6385.diff (478 bytes) - added by DD32 12 years ago.

Download all attachments as: .zip

Change History (5)

@DD32
12 years ago

#1 @ryan
12 years ago

I think the is_user_logged_in() check was to prevent people from laundering links. But now we have wp_safe_redirect() so we shouldn't need it anymore. Just a little history.

#2 @ryan
12 years ago

Actually, the logic is wrong for that to be the reason. [4969] added the is_user_logged_in() check and I'm trying to remember why.

#3 @markjaquith
12 years ago

No, I think that was to prevent link laundering. With wp_safe_redirect() we should be able to remove the is_user_logged_in() check.

#4 @ryan
12 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7524]) Honor redirect_to for logged in users. Props DD32. fixes #6385

Note: See TracTickets for help on using tickets.