10up / 10up-experience

The 10up Experience plugin configures WordPress to better protect and inform clients, aligned to 10up’s best practices.
GNU General Public License v2.0

SSO: check that `$REQUEST['redirect_to']` is a string before using it inside the conditional #137

Closed claytoncollie closed 1 year ago

claytoncollie commented 1 year ago

Checks that $REQUEST['redirect_to'] is a string before using it inside the conditional.

Closes #136

How to test the Change

  1. Check out the branch in the wp-content/plugins directory
  2. Activate the plugin
  3. Go to the login screen
  4. Log in with Single Sign On and get into the admin
  5. Log in with Single Sign On and get rejected

Changelog Entry

Fixed - SSO: check that $REQUEST['redirect_to'] is a string before using it inside the conditional.

Credits

Props @claytoncollie

Checklist:

claytoncollie commented 1 year ago

@tlovett1 This seems like the least invasive fix. Even if the user does not get into this conditional, the $redirect_to right above will default to the wp_login_url --> https://github.com/10up/10up-experience/blob/develop/includes/classes/SSO/SSO.php#L299

I tested this locally and I am still able to log in successfully with a 10up account and also get rejected successfully with my personal email.
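The class of bug this PR guards against, as an added illustration that is not the 10up-experience plugin's own code and does not reproduce SSO.php: a request parameter that the code assumes is a string can arrive as an array, because PHP turns `?redirect_to[]=x` into `$_REQUEST['redirect_to'] === ['x']`. Handing that array to a string function such as `strpos()` emits a warning on PHP 7 and throws a `TypeError` on PHP 8. The helper names (`resolve_redirect_to`, `unguarded_has_admin`), the `$request` array standing in for `$_REQUEST`, the `$login_url` parameter standing in for `wp_login_url()`, and the sample requests are all assumptions made for this example; the only thing taken from the thread is the two-part behaviour it describes, default to the login URL, then only honour `redirect_to` when it is a string.

```php
<?php
// Added example, not code from the 10up-experience plugin.
// $request stands in for $_REQUEST; $login_url stands in for wp_login_url().

// Hypothetical helper: pick the post-SSO destination defensively.
function resolve_redirect_to( array $request, string $login_url ): string {
    // Default to the login URL first, as the PR comment describes for $redirect_to.
    $redirect_to = $login_url;

    // Guard: only use the parameter when it is really a non-empty string.
    // ?redirect_to[]=x makes PHP populate $request['redirect_to'] with an array,
    // and string functions applied to it warn (PHP 7) or throw TypeError (PHP 8).
    if ( isset( $request['redirect_to'] )
        && is_string( $request['redirect_to'] )
        && '' !== $request['redirect_to'] ) {
        $redirect_to = $request['redirect_to'];
    }

    return $redirect_to;
}

// Hypothetical "before" shape: the same conditional without the is_string() check.
function unguarded_has_admin( array $request ): bool {
    return isset( $request['redirect_to'] )
        && false !== strpos( $request['redirect_to'], 'wp-admin' );
}

// Constructed sample requests; the last one is the malformed array case.
$samples = [
    'normal'  => [ 'redirect_to' => 'https://example.test/wp-admin/' ],
    'missing' => [],
    'empty'   => [ 'redirect_to' => '' ],
    'array'   => [ 'redirect_to' => [ 'https://example.test/wp-admin/' ] ], // ?redirect_to[]=...
];

foreach ( $samples as $name => $request ) {
    echo $name, ': ', resolve_redirect_to( $request, 'https://example.test/wp-login.php' ), PHP_EOL;
}

// Show what the guard prevents: on PHP 8 this branch catches the TypeError,
// on PHP 7 strpos() emits a warning and the function returns false instead.
try {
    var_dump( unguarded_has_admin( $samples['array'] ) );
} catch ( TypeError $e ) {
    echo 'unguarded check failed on array input: ', $e->getMessage(), PHP_EOL;
}
```

Run with `php example.php`: the three well-formed samples resolve to either the supplied URL or the login-URL default, the array sample silently falls back to the login URL, and the unguarded variant is the one that errors. The guard is cheap precisely because it sits before the conditional rather than inside it, which is why the PR describes the change as the least invasive option.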