Open dnaber-de opened 11 years ago
@dnaber-de Welche Prüfung meinst du, direkt in der Methode 'redirect()`?
Es gab in Zusammenspiel mit gehookten Login-Pages (nicht wp-login.php) Probleme. Es kam zu einer Schleife. Das wurde aber schon behoben, ob seitens Authenticator oder projektbezogen weiß ich gerade nicht. Ich schau mir das noch mal an.
Danke dir! Ansonsten schließen wir den Issue und können ggf. wp.org updaten, was notwendig wäre, wegen eines Bugs.
@dnaber-de Kannst du das bei Gelegenheit prüfen, dann wäre 1.2 fertig.
I suggest to use English as language for issues. I think the problem still persists, theoretically. We check for wp-login.php
as $GLOBALS[ 'pagenow' ]
but we then redirect using wp_login_url()
. If someone hooks into login_url
, the comparison of »pagenow« becomes invalid and with this, we got an infinite redirection loop.
I've provided a possible fix for this problem in cd8fbe4 on the branch fix_13
but I don't have time to make a proper validation at the moment.
Thanks for your time and effort. The language for issues is all the same for me, but if we discus without other guys and dolls, then is German much easier for me. I will also say thank you for the time. I understand much more as other people's. Currently I'm also only online via mobile, the fritz box was broken.
I have updated the prev. fix for this issue (17acc202035b6cfe4a1ceda4b7cc520162a108f4). In my case the prev. fix doesnt work if i had a custom login page and add a filter for my login_url.
Example:
page-login.php - Added a blank page with url /login/
<?php
...
wp_login_form( $args );
...
functions.php
...
add_filter( 'login_url', 'my_login_page', 10, 2 );
function my_login_page( $login_url, $redirect ) {
return home_url( '/login/?redirect_to=' . $redirect );
}
Testcases:
About 17acc202: What happens if you request a sub-page with the permalink /some-page/login/
? I assume that you won't be redirected to the login page as of the strpos()
comparison.
Furthermore I think we should compare the complete login URL (including the host) to respect setups where logins might be combined on one site in a multisite.
Prüfen, ob die aktuelle Seite nicht schon die Login-Page ist, um Loops zu vermeiden. Der check auf
$pagenow
läuft bei Custom Login-Pages ins leere.