Skip to content

fix: ensure execution stops after redirects #786

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sjinks wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix: ensure execution stops after redirects #786

sjinks wants to merge 2 commits into from

Conversation

@sjinks
Copy link
Contributor

@sjinks sjinks commented Feb 9, 2026

What?

This PR ensures that code execution stops after calling wp_safe_redirect() in the two-factor authentication validation functions. Without exit(), PHP continues executing code after sending redirect headers, which could lead to security vulnerabilities or unintended behavior.

Why?

This follows WordPress best practices and aligns with the existing function documentation that states "wp_safe_redirect() does not exit automatically, and should almost always be followed by a call to exit;."

How?

Add exit() after calls to wp_safe_redirect().

Testing Instructions

N/A :-(

Screenshots or screencast

N/A

Changelog Entry

Security - Ensure that code execution stops after calling wp_safe_redirect().

@github-actions
Copy link

github-actions bot commented Feb 9, 2026

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: sjinks <[email protected]>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@jeffpaul jeffpaul added this to the 0.15.0 milestone Feb 9, 2026
@jeffpaul jeffpaul requested a review from kasparsd February 9, 2026 21:20
@jeffpaul jeffpaul moved this from Backlog to In review in Two Factor project board Feb 9, 2026
@sjinks sjinks mentioned this pull request Feb 9, 2026
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kasparsd kasparsd Awaiting requested review from kasparsd

Assignees

No one assigned

Labels

None yet

Projects

Two Factor project board
Status: In review

Milestone

0.15.0

Development

Successfully merging this pull request may close these issues.

2 participants

@sjinks @jeffpaul