Skip to:
Content

BuddyPress.org

Opened 13 years ago

Closed 13 years ago

#3976 closed defect (bug) (fixed)

function bp_core_no_access redirects incorrectly when WP_SITEURL is defined

Reported by: lackingpenguin's profile lackingpenguin Owned by:
Milestone: 1.6 Priority: normal
Severity: normal Version: 1.5.3
Component: Core Keywords: has-patch
Cc:

Description

The function bp_core_no_access() defined on line 397 of /bp-core/bp-core-catchuri.php incorrectly defines the $redirect variable as the site root when WP_SITEURL is defined manually in wp-config.php.

In plain english, here's what happens. Normally, if a user tries to access a page they don't have the right to access, buddypress will redirect them to the wp-login.php page with the ?redirect_to variable set to the page that the user just tried to visit. When the user successfully logs in, wordpress sends them back to that page.

When you manually define WP_SITEURL in wp-config.php however, buddypress always redirects you to the homepage no matter where you came from before. This is quite annoying.

The reason this is happening is that bp_core_no_access() uses wp_guess_url() [defined on line 3760 of /wp-includes/functions.php] to define the URL to redirect users to after successful login. This is fine when WP_SITEURL is not defined, but when WP_SITEURL is defined wp_guess_url() returns simply WP_SITEURL (the homepage of the site) without any addition information. So the user is always redirected to the homepage no matter where they came from in the first place.

Either wp_guess_url() is not performing correctly, or bp_core_no_access() is USING it incorrectly.

Either way, seems to me that the $redirect variable of bp_core_no_access() should default to something like:

'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']

instead of defaulting to wp_guess_url().

Good luck, and email lackingpenguin@… if you have any questions.

Attachments (1)

3976.01.patch (1.1 KB) - added by r-a-y 13 years ago.

Download all attachments as: .zip

Change History (5)

#1 @r-a-y
13 years ago

  • Version changed from 1.5.3 to 1.5

Good call about the usage of wp_guess_url(). (My fault, since it was my chunk of code that was added to the codebase!)

I've attached a patch against the trunk version of BP.

In the meantime, you can hook into the "bp_core_no_access" or "bp_no_access_redirect" filter to override wp_guess_url().

Last edited 13 years ago by r-a-y (previous) (diff)

@r-a-y
13 years ago

#2 @r-a-y
13 years ago

  • Keywords has-patch added

#3 @johnjamesjacoby
13 years ago

  • Milestone changed from Awaiting Review to 1.6
  • Version changed from 1.5 to 1.5.3

#4 @johnjamesjacoby
13 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [5767]) Use server info instead of wp_guess_url() in bp_core_no_access(). Fixes #3976. Props lackingpenguin, r-a-y.

Note: See TracTickets for help on using tickets.