<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[BuddyPress][6031] trunk/bp-core/bp-core-filters.php: Refactors bp_core_login_redirect() for better extensibility and flow</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg > ul, #logmsg > ol { margin-left: 0; margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://buddypress.trac.wordpress.org/changeset/6031">6031</a></dd>
<dt>Author</dt> <dd>boonebgorges</dd>
<dt>Date</dt> <dd>2012-05-14 13:21:30 +0000 (Mon, 14 May 2012)</dd>
</dl>
<h3>Log Message</h3>
<pre>Refactors bp_core_login_redirect() for better extensibility and flow
This patch does the following:
- Eases the restriction on login redirects to wp-admin. Previously, all such
redirects were bounced back to the home page. While this restriction makes
sense for the majority of users on the majority of BP installs (who never
need to see the Dashboard), it was a pain for Administrators and other users
who have legitimate reasons to visit wp-admin pages, especially when
clicking directly on links in WP notification emails. This changeset allows
login redirects to wp-admin to succeed when users are of the Contributor
level or higher.
- Introduces a filter bp_core_login_redirect, which allows plugins to override
the default behavior of bp_core_login_redirect() for some users, without
requiring that they unhook the function altogether.
Fixes <a href="http://buddypress.trac.wordpress.org/ticket/4199">#4199</a>
Props djpaul, Jonathan Davis for help conceputalizing and testing</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkbpcorebpcorefiltersphp">trunk/bp-core/bp-core-filters.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkbpcorebpcorefiltersphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-core/bp-core-filters.php (6030 => 6031)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-core/bp-core-filters.php        2012-05-13 19:56:01 UTC (rev 6030)
+++ trunk/bp-core/bp-core-filters.php        2012-05-14 13:21:30 UTC (rev 6031)
</span><span class="lines">@@ -113,29 +113,50 @@
</span><span class="cx"> add_filter( 'comments_array', 'bp_core_filter_comments', 10, 2 );
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * bp_core_login_redirect()
</del><ins>+ * When a user logs in, redirect him in a logical way
</ins><span class="cx"> *
</span><del>- * When a user logs in, always redirect them back to the previous page. NOT the admin area.
</del><ins>+ * @package BuddyPress Core
</ins><span class="cx"> *
</span><del>- * @package BuddyPress Core
</del><ins>+ * @uses apply_filters Filter bp_core_login_redirect to modify where users are redirected to on
+ * login
+ * @param string $redirect_to The URL to be redirected to, sanitized in wp-login.php
+ * @param string $redirect_to_raw The unsanitized redirect_to URL ($_REQUEST['redirect_to'])
+ * @param obj $user The WP_User object corresponding to a successfully logged-in user. Otherwise
+ * a WP_Error object
+ * @return string The redirect URL
</ins><span class="cx"> */
</span><del>-function bp_core_login_redirect( $redirect_to ) {
-        global $wpdb;
</del><ins>+function bp_core_login_redirect( $redirect_to, $redirect_to_raw, $user ) {
</ins><span class="cx">
</span><del>-        // Don't mess with the redirect if this is not the root blog
-        if ( is_multisite() && $wpdb->blogid != bp_get_root_blog_id() )
</del><ins>+        // Only modify the redirect if we're on the main BP blog
+        if ( !bp_is_root_blog() ) {
</ins><span class="cx">                 return $redirect_to;
</span><ins>+        }
</ins><span class="cx">
</span><del>-        // If the redirect doesn't contain 'wp-admin', it's OK
-        if ( !empty( $_REQUEST['redirect_to'] ) && false === strpos( $_REQUEST['redirect_to'], 'wp-admin' ) )
</del><ins>+        // Only modify the redirect once the user is logged in
+        if ( !is_a( $user, 'WP_User' ) ) {
</ins><span class="cx">                 return $redirect_to;
</span><ins>+        }
</ins><span class="cx">
</span><del>-        if ( false === strpos( wp_get_referer(), 'wp-login.php' ) && false === strpos( wp_get_referer(), 'activate' ) && empty( $_REQUEST['nr'] ) )
</del><ins>+        // Allow plugins to allow or disallow redirects, as desired
+        $maybe_redirect = apply_filters( 'bp_core_login_redirect', false, $redirect_to, $redirect_to_raw, $user );
+        if ( false !== $maybe_redirect ) {
+                return $maybe_redirect;
+        }
+
+        // If a 'redirect_to' parameter has been passed that contains 'wp-admin', verify that the
+        // logged-in user has any business to conduct in the Dashboard before allowing the
+        // redirect to go through
+        if ( !empty( $_REQUEST['redirect_to'] ) && ( false === strpos( $_REQUEST['redirect_to'], 'wp-admin' ) || user_can( $user, 'edit_posts' ) ) ) {
+                return $redirect_to;
+        }
+
+        if ( false === strpos( wp_get_referer(), 'wp-login.php' ) && false === strpos( wp_get_referer(), 'activate' ) && empty( $_REQUEST['nr'] ) ) {
</ins><span class="cx">                 return wp_get_referer();
</span><ins>+        }
</ins><span class="cx">
</span><span class="cx">         return bp_get_root_domain();
</span><span class="cx"> }
</span><del>-add_filter( 'login_redirect', 'bp_core_login_redirect' );
</del><ins>+add_filter( 'login_redirect', 'bp_core_login_redirect', 10, 3 );
</ins><span class="cx">
</span><span class="cx"> /***
</span><span class="cx"> * bp_core_filter_user_welcome_email()
</span></span></pre>
</div>
</div>
</body>
</html>