From cbfc5e88cb06e2f3e612dc89eacb913827a304ac Mon Sep 17 00:00:00 2001
From: Rey Calantaol
Date: Mon, 20 Mar 2023 06:31:03 +0800
Subject: [PATCH 1/2] #357 - Prevent login to site when site is installed in a sub directory should not cause redirect loop Resolves #357 @polevaultweb
---
 includes/actions.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/includes/actions.php b/includes/actions.php
index eec9388d..0492e49c 100644
--- a/includes/actions.php
+++ b/includes/actions.php
@@ -423,11 +423,8 @@ function wpum_prevent_entire_site() {
 $wp_login_locked = wpum_get_option( 'lock_wplogin' );
 $is_wp_login = $pagenow && 'wp-login.php' === $pagenow;
- $url_part = filter_input( INPUT_SERVER, 'REQUEST_URI' );
-
- if ( empty( $url_part ) ) {
- $url_part = '';
- }
+ $url_part = basename( $_SERVER['REQUEST_URI'] );
+ $url_part .= '/';
 $url = home_url( $url_part );
From 406f328c4d52d172cdc57a4faf7a1b1a907e584f Mon Sep 17 00:00:00 2001
From: Iain
Date: Sat, 18 Nov 2023 22:20:33 +0000
Subject: [PATCH 2/2] Improve how current URL is detected
---
 includes/actions.php | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/includes/actions.php b/includes/actions.php
index 0492e49c..dd61b6db 100644
--- a/includes/actions.php
+++ b/includes/actions.php
@@ -423,12 +423,9 @@ function wpum_prevent_entire_site() {
 $wp_login_locked = wpum_get_option( 'lock_wplogin' );
 $is_wp_login = $pagenow && 'wp-login.php' === $pagenow;
- $url_part = basename( $_SERVER['REQUEST_URI'] );
- $url_part .= '/';
+ $requested_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; // phpcs:ignore
- $url = home_url( $url_part );
-
- if ( isset( $_SERVER['REQUEST_URI'] ) && $url === $login_page || ( $is_wp_login && ( ! empty( $_GET['wpum_override'] ) || ! $wp_login_locked ) ) ) { // phpcs:ignore
+ if ( $requested_url === $login_page || ( $is_wp_login && ( ! empty( $_GET['wpum_override'] ) || ! $wp_login_locked ) ) ) { // phpcs:ignore
 return;
 }
@@ -439,7 +436,7 @@ function wpum_prevent_entire_site() {
 $password_reset_page_id = wpum_get_core_page_id( 'password' );
 if ( ! empty( $password_reset_page_id ) ) {
 $password_reset_page = get_permalink( $password_reset_page_id );
- if ( 0 === strpos( $url, $password_reset_page ) ) {
+ if ( 0 === strpos( $requested_url, $password_reset_page ) ) {
 return;
 }
 }
@@ -449,14 +446,14 @@ function wpum_prevent_entire_site() {
 $registration_pages[] = get_permalink( wpum_get_core_page_id( 'register' ) );
 foreach ( apply_filters( 'wpum_registration_pages', $registration_pages ) as $registration_page ) {
- if ( $url === $registration_page ) {
+ if ( $requested_url === $registration_page ) {
 return;
 }
 }
 }
 foreach ( apply_filters( 'wpum_prevent_entire_site_access_allowed_urls', array() ) as $allowed_url ) {
- if ( $url === $allowed_url ) {
+ if ( $requested_url === $allowed_url ) {
 return;
 }
 }
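Review bot: The added `$requested_url` line reads `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']` with no `isset()` guard or unslashing, and the `isset( $_SERVER['REQUEST_URI'] )` test that used to sit in the condition is removed, so a context without those keys raises undefined-key warnings while the bare `// phpcs:ignore` silences every sniff on the line instead of the one that fires. The Host header is client-supplied and REQUEST_URI carries the query string, so the strict `===` tests here and in the registration and allowed-URL loops of the last hunk miss on any difference in host case, port, proxy-terminated TLS (where `is_ssl()` may be false) or an appended query argument. That fails closed, but it presumably sends a visitor who is already on the login page back to it; the redirect code is outside the hunk. I would read the URI as `$request_uri = isset( $_SERVER['REQUEST_URI'] ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '';`, compare only the path against the path of each permalink, and narrow the suppression to the named sniff. The body of wpum_prevent_entire_site() starts and ends outside the hunk.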
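Review bot: The prefix test `0 === strpos( $requested_url, $password_reset_page )` fails open when `get_permalink()` returns `false`, which it does for a page ID that no longer exists: on PHP 8 in coercive typing mode the needle becomes an empty string, `strpos()` returns 0, and the function returns before the site lock is applied to any request. The `! empty( $password_reset_page_id )` guard above it checks only the stored ID, not the permalink, so I would guard the result too: `if ( $password_reset_page && 0 === strpos( $requested_url, $password_reset_page ) ) {`. Because `$requested_url` now carries the raw query string, the prefix match also exempts every URL that merely begins with the reset permalink, and comparing the parsed path would be tighter. The enclosing function starts and ends outside the hunk.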