From 6ae5c6948c23715ce15010bb89c8c75a53238612 Mon Sep 17 00:00:00 2001 From: Daniel Bachhuber Date: Tue, 13 Feb 2018 06:24:45 -0800 Subject: [PATCH 1/2] Persist `redirect_to` value in a more accurate manner Pull it out of the URL when present: ``` /wp-login.php?redirect_to=http%3A%2F%2Fwp-saml-auth.dev%2Fwp-admin%2Fplugins.php&reauth=1 ``` Otherwise, defer to `$_SERVER['REQUEST_URI']` except when already on `wp-login.php` --- inc/class-wp-saml-auth.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/inc/class-wp-saml-auth.php b/inc/class-wp-saml-auth.php index f63f919..b266f4d 100644 --- a/inc/class-wp-saml-auth.php +++ b/inc/class-wp-saml-auth.php @@ -241,11 +241,19 @@ public function do_saml_authentication() { $this->provider->login( $redirect_to ); } } elseif ( is_a( $this->provider, 'SimpleSAML_Auth_Simple' ) ) { + $redirect_to = filter_input( INPUT_GET, 'redirect_to', FILTER_SANITIZE_URL ); + if ( $redirect_to ) { + $redirect_to = add_query_arg( 'redirect_to', $redirect_to, wp_login_url() ); + } else { + $redirect_to = wp_login_url(); + // Only persist redirect_to when it's not wp-login.php. + if ( false === stripos( $redirect_to, $_SERVER['REQUEST_URI'] ) ) { + $redirect_to = add_query_arg( 'redirect_to', $_SERVER['REQUEST_URI'], $redirect_to ); + } + } $this->provider->requireAuth( array( - // Prevent WordPress from dropping the login cookie - // when REQUEST_URI is /wp-admin/. - 'ReturnTo' => str_replace( '&reauth=1', '', $_SERVER['REQUEST_URI'] ), + 'ReturnTo' => $redirect_to, ) ); $attributes = $this->provider->getAttributes(); From 1e3862b26f0921c2fc69850ea05561c9ab46d983 Mon Sep 17 00:00:00 2001 From: Daniel Bachhuber Date: Tue, 13 Feb 2018 15:22:59 -0800 Subject: [PATCH 2/2] Update readme for v0.3.7 --- README.md | 5 ++++- readme.txt | 5 ++++- wp-saml-auth.php | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3ec3f88..14676ea 100644 --- a/README.md +++ b/README.md 
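Review bot: In the `SimpleSAML_Auth_Simple` branch, the `redirect_to` value read with `FILTER_SANITIZE_URL` reaches `add_query_arg()` unencoded and unvalidated. That filter only strips characters that are illegal in a URL, and `add_query_arg()` does not encode values, so a target containing `&` or `#` is split into extra parameters on the login URL and the persisted target is truncated. Encode at the call, `add_query_arg( 'redirect_to', rawurlencode( $redirect_to ), wp_login_url() )`, and do the same for `$_SERVER['REQUEST_URI']` in the else branch; because the code that finally follows `redirect_to` is not visible here, also consider `$redirect_to = wp_validate_redirect( $redirect_to, '' );` right after `filter_input()` so an off-site host is dropped before `ReturnTo` is built. Separately, `stripos( $redirect_to, $_SERVER['REQUEST_URI'] )` looks inverted: it searches the login URL for the whole request URI, so a login-page request carrying any other query string is still persisted while a request for `/` is treated as already being on the login page. Matching the login URL's path inside `REQUEST_URI` would fit the comment above it; `do_saml_authentication()` begins and ends outside this hunk.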
@@ -3,7 +3,7 @@ **Tags:** authentication, SAML **Requires at least:** 4.4 **Tested up to:** 4.9 -**Stable tag:** 0.3.6 +**Stable tag:** 0.3.7 **License:** GPLv2 or later **License URI:** http://www.gnu.org/licenses/gpl-2.0.html @@ -253,6 +253,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati ## Changelog ## +### 0.3.7 (February 13, 2018) ### +* Persists `redirect_to` value in a more accurate manner, as a follow up to the change in v0.3.6 [[#113](https://github.com/pantheon-systems/wp-saml-auth/pull/113)]. + ### 0.3.6 (February 7, 2018) ### * Prevents WordPress from dropping authentication cookie when user is redirected to login from `/wp-admin/` URLs [[#112](https://github.com/pantheon-systems/wp-saml-auth/pull/112)]. diff --git a/readme.txt b/readme.txt index 741b7e3..d7d8d59 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: getpantheon, danielbachhuber, Outlandish Josh Tags: authentication, SAML Requires at least: 4.4 Tested up to: 4.9 -Stable tag: 0.3.6 +Stable tag: 0.3.7 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -253,6 +253,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati == Changelog == += 0.3.7 (February 13, 2018) = +* Persists `redirect_to` value in a more accurate manner, as a follow up to the change in v0.3.6 [[#113](https://github.com/pantheon-systems/wp-saml-auth/pull/113)]. + = 0.3.6 (February 7, 2018) = * Prevents WordPress from dropping authentication cookie when user is redirected to login from `/wp-admin/` URLs [[#112](https://github.com/pantheon-systems/wp-saml-auth/pull/112)]. diff --git a/wp-saml-auth.php b/wp-saml-auth.php index c36c09e..b7cb1cd 100644 --- a/wp-saml-auth.php +++ b/wp-saml-auth.php @@ -1,7 +1,7 @@