
BuddyPress.org

Changeset 6031


Timestamp:
05/14/2012 01:21:30 PM (12 years ago)
Author:
boonebgorges
Message:

Refactors bp_core_login_redirect() for better extensibility and flow

This patch does the following:

  • Eases the restriction on login redirects to wp-admin. Previously, all such redirects were bounced back to the home page. While this restriction makes sense for the majority of users on the majority of BP installs (who never need to see the Dashboard), it was a pain for Administrators and other users who have legitimate reasons to visit wp-admin pages, especially when clicking directly on links in WP notification emails. This changeset allows login redirects to wp-admin to succeed when users are of the Contributor level or higher.
  • Introduces a filter bp_core_login_redirect, which allows plugins to override the default behavior of bp_core_login_redirect() for some users, without requiring that they unhook the function altogether.

Fixes #4199
Props djpaul, Jonathan Davis for help conceptualizing and testing

File:
1 edited

  • trunk/bp-core/bp-core-filters.php

    r6022 r6031  
    114114
    115115/**
    116  * bp_core_login_redirect()
    117  *
    118  * When a user logs in, always redirect them back to the previous page. NOT the admin area.
    119  *
    120  * @package BuddyPress Core
    121  */
    122 function bp_core_login_redirect( $redirect_to ) {
    123     global $wpdb;
    124 
    125     // Don't mess with the redirect if this is not the root blog
    126     if ( is_multisite() && $wpdb->blogid != bp_get_root_blog_id() )
     116 * When a user logs in, redirect him in a logical way
     117 *
     118 * @package BuddyPress Core
     119 *
     120 * @uses apply_filters Filter bp_core_login_redirect to modify where users are redirected to on
     121 *   login
     122 * @param string $redirect_to The URL to be redirected to, sanitized in wp-login.php
     123 * @param string $redirect_to_raw The unsanitized redirect_to URL ($_REQUEST['redirect_to'])
     124 * @param obj $user The WP_User object corresponding to a successfully logged-in user. Otherwise
     125 *   a WP_Error object
     126 * @return string The redirect URL
     127 */
     128function bp_core_login_redirect( $redirect_to, $redirect_to_raw, $user ) {
     129
     130    // Only modify the redirect if we're on the main BP blog
     131    if ( !bp_is_root_blog() ) {
    127132        return $redirect_to;
    128 
    129     // If the redirect doesn't contain 'wp-admin', it's OK
    130     if ( !empty( $_REQUEST['redirect_to'] ) && false === strpos( $_REQUEST['redirect_to'], 'wp-admin' ) )
     133    }
     134
     135    // Only modify the redirect once the user is logged in
     136    if ( !is_a( $user, 'WP_User' ) ) {
    131137        return $redirect_to;
    132 
    133     if ( false === strpos( wp_get_referer(), 'wp-login.php' ) && false === strpos( wp_get_referer(), 'activate' ) && empty( $_REQUEST['nr'] ) )
     138    }
     139
     140    // Allow plugins to allow or disallow redirects, as desired
     141    $maybe_redirect = apply_filters( 'bp_core_login_redirect', false, $redirect_to, $redirect_to_raw, $user );
     142    if ( false !== $maybe_redirect ) {
     143        return $maybe_redirect;
     144    }
     145
     146    // If a 'redirect_to' parameter has been passed that contains 'wp-admin', verify that the
     147    // logged-in user has any business to conduct in the Dashboard before allowing the
     148    // redirect to go through
     149    if ( !empty( $_REQUEST['redirect_to'] ) && ( false === strpos( $_REQUEST['redirect_to'], 'wp-admin' ) || user_can( $user, 'edit_posts' ) ) ) {
     150        return $redirect_to;
     151    }
     152
     153    if ( false === strpos( wp_get_referer(), 'wp-login.php' ) && false === strpos( wp_get_referer(), 'activate' ) && empty( $_REQUEST['nr'] ) ) {
    134154        return wp_get_referer();
     155    }
    135156
    136157    return bp_get_root_domain();
    137158}
    138 add_filter( 'login_redirect', 'bp_core_login_redirect' );
     159add_filter( 'login_redirect', 'bp_core_login_redirect', 10, 3 );
    139160
    140161/***
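Review bot: At new line 149 the wp-admin test reads `$_REQUEST['redirect_to']` directly, even though the function now receives that value as `$redirect_to_raw`, and the branch then returns the sanitized `$redirect_to`, so the `user_can( $user, 'edit_posts' )` decision is made on a different string than the one actually used for the redirect. I would run the `strpos()` check against the value being returned (`$redirect_to`), or at least use the `$redirect_to_raw` parameter so the function no longer depends on the superglobal and can be called and tested with explicit arguments. The match is also a bare substring test, so any URL that contains `wp-admin` anywhere, including in a query string, is treated as a Dashboard link; comparing against the path would be more exact. Separately, the new filter at line 141 returns whatever a callback supplies without further checks, and the docblock does not say that a callback must return `false` to fall through to the default logic; please document that contract next to the `@uses` line.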