Ticket #7002 (closed defect: fixed)

Opened 6 months ago

Last modified 3 months ago

Can't control where a user redirects to when they log in

Reported by: AaronCampbell Assigned to: ryan
Priority: normal Milestone: 2.6.2
Component: General Version:
Severity: normal Keywords: has-patch needs-testing
Cc:

Description

The 'login' case in wp-login FIRST sets $redirect_to THEN runs wp_signon(). If we switch that, a plugin could hook into wp_signon's wp_login hook, and set $_REQUESTredirect_to? based on user type, capabilities, name, etc. It would be nice, and there is no downside that I see.

Attachments

7002.001.diff (0.6 kB) - added by AaronCampbell on 05/20/08 13:31:04.
7002.filter.diff (0.5 kB) - added by ryan on 08/26/08 17:25:49.

Change History

05/20/08 13:31:04 changed by AaronCampbell

  • attachment 7002.001.diff added.

05/20/08 13:34:25 changed by AaronCampbell

  • keywords set to has-patch needs-testing.

05/20/08 16:40:50 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [7958]) Relocate signon to the top. Props AaronCampbell?. fixes #7002

07/15/08 16:24:07 changed by ryan

  • milestone changed from 2.5.2 to 2.9.

Milestone 2.5.2 deleted

07/30/08 20:35:02 changed by westi

  • milestone changed from 2.9 to 2.6.

08/25/08 00:24:09 changed by AaronCampbell

  • status changed from closed to reopened.
  • resolution deleted.
  • milestone changed from 2.6 to 2.6.2.

[8069] reverted [7958] (accidentally I assume)

08/25/08 15:51:12 changed by ryan

  • owner changed from anonymous to ryan.
  • status changed from reopened to new.

08/26/08 17:25:49 changed by ryan

  • attachment 7002.filter.diff added.

08/26/08 17:26:36 changed by ryan

How about a login_redirect filter called after wp_login(). Altering the redirect before login can mess up the SSL detection stuff. See patch.

08/26/08 17:43:54 changed by AaronCampbell

That's fine. I don't think we really need to pass $_REQUEST['redirect_to'] since the only difference would be https vs http right? I would be ok with this:

$redirect_to = apply_filters('login_redirect', $redirect_to, $user);

However, extra data doesn't hurt I suppose. Also, in the 2.6 branch if $_REQUEST['redirect_to'] is set then $_REQUEST['redirect_to'] and $redirect_to are identical.

08/26/08 17:57:05 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [8736]) Add login_redirect filter. fixes #7002 for trunk

08/26/08 17:57:34 changed by ryan

(In [8737]) Add login_redirect filter. fixes #7002 for 2.6

08/26/08 17:58:25 changed by ryan

Went ahead and passed redirect_to from the request just in case someone needs to know if it was set or not.

08/26/08 18:02:19 changed by AaronCampbell

Since it's a super-global, can't you just check that with $_REQUEST['redirect_to'] inside your function? Again, it doesn't matter to me if you add extra in there.

Thanks for handling it.