[wp-hackers] Allow redirects to subdomain with multisite?

[John Reuning]

I have a multisite install with a single-sign on integration that only
works if the redirect destination from the sso server is the top-level
url.  i.e. sending the browser to https://example.com/wp-login.php
works but not https://site.example.com/wp-login.php.

I ended up customizing wp_validate_redirect() to allow redirects to
subdomains in a multisite install (see below).  Is there any interest
in merging this into trunk?  I can imagine this wouldn't appeal to
those who don't trust the sites they host, so perhaps checking a
config option would be appropriate.

--- pluggable.orig.php	2011-08-25 14:16:54.000000000 -0400
+++ pluggable.php	2011-08-25 14:16:06.000000000 -0400
@@ -30,6 +30,13 @@

     $allowed_hosts = (array) apply_filters('allowed_redirect_hosts',
array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');

+    if (is_multisite()) {
+        $pos = strpos($lp['host'], '.');
+        if (($pos !== false) && (substr($lp['host'], $pos + 1) ===
$wpp['host'])) {
+            $allowed_hosts[] = $lp['host'];
+        }
+    }
+
     if ( isset($lp['host']) && ( !in_array($lp['host'],
$allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
         $location = $default;

Cheers,

-John