[wp-trac] [WordPress Trac] #30598: Multisite Subdomain doesn't properly redirect users logging in to the primary site
WordPress Trac
noreply at wordpress.org
Sun Mar 8 23:13:06 UTC 2015
#30598: Multisite Subdomain doesn't properly redirect users logging in to the
primary site
--------------------------------+-----------------------------
Reporter: Ipstenu | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Networks and Sites | Version:
Severity: normal | Resolution:
Keywords: | Focuses: multisite
--------------------------------+-----------------------------
Changes (by jeremyfelt):
* milestone: Awaiting Review => Future Release
Comment:
This happens because of the `wp_safe_redirect()` call used to manage the
redirect request. The user's subdomain does not match the allowed host
from the original request and the redirect is sanitized back to the
standard admin URL.
It seems like we could split the redirect handling here. If `$redirect_to`
is actually provided by the login page as `$_POST` data, use
`wp_safe_redirect()`. If the URL is core generated (e.g.
`get_dashboard_url()`), use `wp_redirect()`.
Not sure if there are other repercussions to think of here.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30598#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list