Make WordPress Core

Opened 16 years ago

Closed 16 years ago

Last modified 16 years ago

#7002 closed defect (bug) (fixed)

Can't control where a user redirects to when they log in

Reported by: aaroncampbell's profile AaronCampbell Owned by: ryan's profile ryan
Milestone: 2.6.2 Priority: normal
Severity: normal Version:
Component: General Keywords: has-patch needs-testing
Focuses: Cc:

Description

The 'login' case in wp-login FIRST sets $redirect_to THEN runs wp_signon(). If we switch that, a plugin could hook into wp_signon's wp_login hook, and set $_REQUESTredirect_to? based on user type, capabilities, name, etc. It would be nice, and there is no downside that I see.

Attachments (2)

7002.001.diff (593 bytes) - added by AaronCampbell 16 years ago.
7002.filter.diff (553 bytes) - added by ryan 16 years ago.

Download all attachments as: .zip

Change History (14)

#1 @AaronCampbell
16 years ago

  • Keywords has-patch needs-testing added

#2 @ryan
16 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7958]) Relocate signon to the top. Props AaronCampbell. fixes #7002

#3 @ryan
16 years ago

  • Milestone changed from 2.5.2 to 2.9

Milestone 2.5.2 deleted

#4 @westi
16 years ago

  • Milestone changed from 2.9 to 2.6

#5 @AaronCampbell
16 years ago

  • Milestone changed from 2.6 to 2.6.2
  • Resolution fixed deleted
  • Status changed from closed to reopened

[8069] reverted [7958] (accidentally I assume)

#6 @ryan
16 years ago

  • Owner changed from anonymous to ryan
  • Status changed from reopened to new

@ryan
16 years ago

#7 @ryan
16 years ago

How about a login_redirect filter called after wp_login(). Altering the redirect before login can mess up the SSL detection stuff. See patch.

#8 @AaronCampbell
16 years ago

That's fine. I don't think we really need to pass $_REQUEST['redirect_to'] since the only difference would be https vs http right? I would be ok with this:

$redirect_to = apply_filters('login_redirect', $redirect_to, $user);

However, extra data doesn't hurt I suppose. Also, in the 2.6 branch if $_REQUEST['redirect_to'] is set then $_REQUEST['redirect_to'] and $redirect_to are identical.

#9 @ryan
16 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [8736]) Add login_redirect filter. fixes #7002 for trunk

#10 @ryan
16 years ago

(In [8737]) Add login_redirect filter. fixes #7002 for 2.6

#11 @ryan
16 years ago

Went ahead and passed redirect_to from the request just in case someone needs to know if it was set or not.

#12 @AaronCampbell
16 years ago

Since it's a super-global, can't you just check that with $_REQUEST['redirect_to'] inside your function? Again, it doesn't matter to me if you add extra in there.

Thanks for handling it.

Note: See TracTickets for help on using tickets.