Skip to content

Commit de7adb6

Browse files
leedxwleedxw
committed
Also validation check for redirect_to
``` PHP Warning: Array to string conversion in /var/www/html/wp-includes/formatting.php on line 1128 "GET /wp-login.php?reauth=1&redirect_to[%24ne]=https://accessibility.blog.gov.uk/wp-admin/ HTTP/1.1" ```
1 parent 623e325 commit de7adb6

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

lib/login.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
// Gets the filtered value of the redirect_to parameter (string)
44
// Taken from wp-login.php
55
$get_redirect_to = function ($user) {
6-
if (isset($_REQUEST['redirect_to'])) {
6+
if (isset($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to'])) {
77
$redirect_to = $_REQUEST['redirect_to'];
88
// // Redirect to https if user wants ssl
99
// if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') ) { //
@@ -13,7 +13,7 @@
1313
$redirect_to = admin_url();
1414
}
1515

16-
$requested_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
16+
$requested_redirect_to = (isset($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to'])) ? $_REQUEST['redirect_to'] : '';
1717
return apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
1818
};
1919

0 commit comments

Comments
 (0)