Ticket #6385 (closed defect: fixed)

Opened 6 months ago

Last modified 6 months ago

wp-admin auth redirect does not honor redirect_to if user is allready logged on

Reported by: DD32 Assigned to: anonymous
Priority: normal Milestone: 2.5
Component: Administration Version: 2.5
Severity: normal Keywords: has-patch
Cc:

Description

I occasionally access WordPress through non-site address's.

Currently WordPress is installed at 

http://long-domain-name-here/wordpress/wp-admin/

That long domain is located on localhost, Sometimes, i'll access it directly via localhost: 

http://localhost/wordpress/wp-admin/plugins.php

and be automatically redirected to the correct hostname via the wp-login pages. The address i get redirected to in the above case is: 

http://long-domain-name-here/wordpress/wp-admin/

It doesnt honor the redirect value if the user is allready logged on, instead it uses its default of 'wp-admin/'

Attachments

6385.diff (478 bytes) - added by DD32 on 03/26/08 04:17:01.

Change History

03/26/08 04:17:01 changed by DD32

  • attachment 6385.diff added.

03/26/08 04:28:30 changed by ryan

I think the is_user_logged_in() check was to prevent people from laundering links. But now we have wp_safe_redirect() so we shouldn't need it anymore. Just a little history.

03/26/08 05:08:05 changed by ryan

Actually, the logic is wrong for that to be the reason. [4969] added the is_user_logged_in() check and I'm trying to remember why.

03/26/08 06:07:18 changed by markjaquith

No, I think that was to prevent link laundering. With wp_safe_redirect() we should be able to remove the is_user_logged_in() check.

03/26/08 07:43:53 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [7524]) Honor redirect_to for logged in users. Props DD32. fixes #6385