WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#7002 closed defect (bug) (fixed)

Can't control where a user redirects to when they log in

Reported by: AaronCampbell Owned by: ryan
Milestone: 2.6.2 Priority: normal
Severity: normal Version:
Component: General Keywords: has-patch needs-testing
Focuses: Cc:

Description

The 'login' case in wp-login FIRST sets $redirect_to THEN runs wp_signon(). If we switch that, a plugin could hook into wp_signon's wp_login hook, and set $_REQUESTredirect_to? based on user type, capabilities, name, etc. It would be nice, and there is no downside that I see.

Attachments (2)

7002.001.diff (593 bytes) - added by AaronCampbell 6 years ago.
7002.filter.diff (553 bytes) - added by ryan 6 years ago.

Download all attachments as: .zip

Change History (14)

AaronCampbell6 years ago

comment:1 AaronCampbell6 years ago

  • Keywords has-patch needs-testing added

comment:2 ryan6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7958]) Relocate signon to the top. Props AaronCampbell. fixes #7002

comment:3 ryan6 years ago

  • Milestone changed from 2.5.2 to 2.9

Milestone 2.5.2 deleted

comment:4 westi6 years ago

  • Milestone changed from 2.9 to 2.6

comment:5 AaronCampbell6 years ago

  • Milestone changed from 2.6 to 2.6.2
  • Resolution fixed deleted
  • Status changed from closed to reopened

[8069] reverted [7958] (accidentally I assume)

comment:6 ryan6 years ago

  • Owner changed from anonymous to ryan
  • Status changed from reopened to new

ryan6 years ago

comment:7 ryan6 years ago

How about a login_redirect filter called after wp_login(). Altering the redirect before login can mess up the SSL detection stuff. See patch.

comment:8 AaronCampbell6 years ago

That's fine. I don't think we really need to pass $_REQUEST['redirect_to'] since the only difference would be https vs http right? I would be ok with this:

$redirect_to = apply_filters('login_redirect', $redirect_to, $user);

However, extra data doesn't hurt I suppose. Also, in the 2.6 branch if $_REQUEST['redirect_to'] is set then $_REQUEST['redirect_to'] and $redirect_to are identical.

comment:9 ryan6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [8736]) Add login_redirect filter. fixes #7002 for trunk

comment:10 ryan6 years ago

(In [8737]) Add login_redirect filter. fixes #7002 for 2.6

comment:11 ryan6 years ago

Went ahead and passed redirect_to from the request just in case someone needs to know if it was set or not.

comment:12 AaronCampbell6 years ago

Since it's a super-global, can't you just check that with $_REQUEST['redirect_to'] inside your function? Again, it doesn't matter to me if you add extra in there.

Thanks for handling it.

Note: See TracTickets for help on using tickets.