cookies, reauth and themed-profiles.php
This is a weird issue stemming from a weird situation but here goes. Hopefully the plugin author could shed some light here.
Links that point to a private site all get redirected to the profile page after login. This seems to be due to some unclear external circumstances, possibly something like a combination of a desktop app containing the link, Varnish cache and being logged in.
Tracking it down, it seems that requests fall through all the TML template_redirects and end up on the default one for the themed-profiles.php module, which in fact redirects to the profile page. This can be reproduced consistently by following a ?redirect_to=… link while already logged in (the one that TML redirects to if you’re not logged in on a private site). I can supply more details, but here’s a patch that seems to cover this edge case and stops it at the security module.
diff --git a/wp-content/plugins/theme-my-login/modules/security/security.php b/wp-content/plugins/theme-my-login/modules/security/security.php index 4b3028a..d5ab044 100644 --- a/wp-content/plugins/theme-my-login/modules/security/security.php +++ b/wp-content/plugins/theme-my-login/modules/security/security.php @@ -117,6 +117,10 @@ class Theme_My_Login_Security extends Theme_My_Login_Abstract { $redirect_to = apply_filters( 'tml_security_private_site_redirect', wp_login_url( $_SERVER['REQUEST_URI'], true ) ); wp_safe_redirect( $redirect_to ); exit; + }elseif(is_user_logged_in() && !empty($_REQUEST['redirect_to'])){ + $redirect_to = apply_filters( 'tml_security_private_site_redirect', home_url($_REQUEST['redirect_to']) ); + wp_safe_redirect( $redirect_to ); + exit; } } }
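Review bot: The added `elseif` branch passes `$_REQUEST['redirect_to']` straight into `home_url()` with no `wp_unslash()` and no check that the value is a site-relative path. `home_url()` appends its argument as a path, so a full URL in the parameter ends up glued onto the home URL instead of being used or rejected, and on a subdirectory install a value that already contains the subdirectory will have it prefixed a second time. Consider unslashing the value and running it through `wp_validate_redirect()` with `home_url()` as the fallback before redirecting. The branch also reuses the `tml_security_private_site_redirect` filter, which in the branch above receives the login URL; callbacks written for that case would now receive a post-login destination, so a separate filter name would be safer. Minor style point: `}elseif(` and `home_url($_REQUEST['redirect_to'])` do not follow the spacing used by the surrounding lines.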
Not sure if this could be incorporated into a future release somehow?
- The topic ‘cookies, reauth and themed-profiles.php’ is closed to new replies.