Ticket #4199: 4199.01.patch

File 4199.01.patch, 2.7 KB (added by boonebgorges, 12 years ago)
  • bp-core/bp-core-filters.php

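diff --git bp-core/bp-core-filters.php bp-core/bp-core-filters.php
index c9d22b2..d7b6921 100644
--- a/bp-core/bp-core-filters.php
+++ b/bp-core/bp-core-filters.php
@@ -113,29 +113,50 @@ function bp_core_filter_comments( $comments, $post_id ) {
 add_filter( 'comments_array', 'bp_core_filter_comments', 10, 2 );
 
 /**
- * bp_core_login_redirect()
- *
- * When a user logs in, always redirect them back to the previous page. NOT the admin area.
+ * When a user logs in, redirect him in a logical way
  *
  * @package BuddyPress Core
+ *
+ * @uses apply_filters Filter bp_core_login_redirect to modify where users are redirected to on
+ *   login
+ * @param string $redirect_to The URL to be redirected to, sanitized in wp-login.php
+ * @param string $redirect_to_raw The unsanitized redirect_to URL ($_REQUEST['redirect_to'])
+ * @param obj $user The WP_User object corresponding to a successfully logged-in user. Otherwise
+ *   a WP_Error object
+ * @return string The redirect URL
  */
-function bp_core_login_redirect( $redirect_to ) {
-        global $wpdb;
+function bp_core_login_redirect( $redirect_to, $redirect_to_raw, $user ) {
 
-        // Don't mess with the redirect if this is not the root blog
-        if ( is_multisite() && $wpdb->blogid != bp_get_root_blog_id() )
+        // Only modify the redirect if we're on the main BP blog
+        if ( !bp_is_root_blog() ) {
                 return $redirect_to;
+        }
 
-        // If the redirect doesn't contain 'wp-admin', it's OK
-        if ( !empty( $_REQUEST['redirect_to'] ) && false === strpos( $_REQUEST['redirect_to'], 'wp-admin' ) )
+        // Only modify the redirect once the user is logged in
+        if ( !is_a( $user, 'WP_User' ) ) {
                 return $redirect_to;
+        }
 
-        if ( false === strpos( wp_get_referer(), 'wp-login.php' ) && false === strpos( wp_get_referer(), 'activate' ) && empty( $_REQUEST['nr'] ) )
+        // Allow plugins to allow or disallow redirects, as desired
+        $maybe_redirect = apply_filters( 'bp_core_login_redirect', false, $redirect_to, $redirect_to_raw, $user );
+        if ( false !== $maybe_redirect ) {
+                return $maybe_redirect;
+        }
+
+        // If a 'redirect_to' parameter has been passed that contains 'wp-admin', verify that the
+        // logged-in user has any business to conduct in the Dashboard before allowing the
+        // redirect to go through
+        if ( !empty( $_REQUEST['redirect_to'] ) && ( false === strpos( $_REQUEST['redirect_to'], 'wp-admin' ) || user_can( $user, 'edit_posts' ) ) ) {
+                return $redirect_to;
+        }
+
+        if ( false === strpos( wp_get_referer(), 'wp-login.php' ) && false === strpos( wp_get_referer(), 'activate' ) && empty( $_REQUEST['nr'] ) ) {
                 return wp_get_referer();
+        }
 
         return bp_get_root_domain();
 }
-add_filter( 'login_redirect', 'bp_core_login_redirect' );
+add_filter( 'login_redirect', 'bp_core_login_redirect', 10, 3 );
 
 /***
  * bp_core_filter_user_welcome_email()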
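Review bot: The referer branch near the end of bp_core_login_redirect() returns `wp_get_referer()` without checking that it produced a URL; that function returns false when no usable referer is present, both `strpos()` tests then pass on the empty value, and the filter hands back false instead of falling through to `bp_get_root_domain()`. Calling it once and guarding on the result fixes that: `$referer = wp_get_referer();` followed by `if ( $referer && false === strpos( $referer, 'wp-login.php' ) && false === strpos( $referer, 'activate' ) && empty( $_REQUEST['nr'] ) ) { return $referer; }`. The referer is client-supplied and the value returned through the new `bp_core_login_redirect` filter is plugin-supplied, and neither is validated in this function, so a comment stating that the caller is expected to validate the final URL before redirecting (presumably wp-login.php, which is not visible here) would document the assumption. Separately, the wp-admin test still reads `$_REQUEST['redirect_to']` although the same value now arrives as `$redirect_to_raw`; using the parameter would match the new docblock and drop the dependency on the superglobal.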