Allow multiple query params when redirecting back to origin

5 years ago · 54d6784d44
parent 4955be3b71
commit 54d6784d44
2 changed files with 2 additions and 2 deletions
--- a/includes/openid-connect-generic-client-wrapper.php
+++ b/includes/openid-connect-generic-client-wrapper.php
@ -385,7 +385,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
 		$this->logger->log( "Successful login for: {$user->user_login} ({$user->ID})", 'login-success' );
 		// redirect back to the origin page if enabled
-		$redirect_url = isset( $_COOKIE[ $this->cookie_redirect_key ] ) ? esc_url( $_COOKIE[ $this->cookie_redirect_key ] ) : false;
+		$redirect_url = isset( $_COOKIE[ $this->cookie_redirect_key ] ) ? esc_url_raw( $_COOKIE[ $this->cookie_redirect_key ] ) : false;
 		if( $this->settings->redirect_user_back && !empty( $redirect_url ) ) {
 			do_action( 'openid-connect-generic-redirect-user-back', $redirect_url, $user );
--- a/includes/openid-connect-generic-login-form.php
+++ b/includes/openid-connect-generic-login-form.php
@ -77,7 +77,7 @@ class OpenID_Connect_Generic_Login_Form {
 				$redirect_url = admin_url();
 				if ( isset( $_REQUEST['redirect_to'] ) ) {
-					$redirect_url = esc_url( $_REQUEST[ 'redirect_to' ] );
+					$redirect_url = esc_url_raw( $_REQUEST[ 'redirect_to' ] );
 				}
 			}