Merge pull request #137 from claytoncollie/fix/redirect-to

SSO: check that `$REQUEST['redirect_to']` is a string before using it inside the conditional
10up · Aug 16, 2023 · be7aec0 · be7aec0
2 parents 62cc01e + 9495500
commit be7aec0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/includes/classes/SSO/SSO.php b/includes/classes/SSO/SSO.php
@@ -297,7 +297,7 @@ public function process_client_login() {
 			$tenup_login_failed = true;
 		} else {
 			$redirect_url = wp_login_url();
-			if ( isset( $_REQUEST['redirect_to'] ) ) {
+			if ( isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) {
 				$redirect_url = add_query_arg( 'redirect_to', rawurlencode( $_REQUEST['redirect_to'] ), $redirect_url );
 			}