Always exit after wp_redirect

david-binda · david-binda · commit 025d042c7e4b · 2017-11-07T17:53:36.000+01:00
As the SSO plugin should be the autoritative login solution running on a site, it should enforce redirection in case it's needed. This commit replaced `return false;` with `exit;` in `saml_lostpassword` and `saml_user_register` functions. That way, we make sure the redirection happens early and would be the very last action of the HTTP request in WordPress. See https://developer.wordpress.org/reference/functions/wp_redirect/
diff --git a/onelogin-saml-sso/php/functions.php b/onelogin-saml-sso/php/functions.php
@@ -47,15 +47,15 @@ function saml_lostpassword() {
 	$target = get_option('onelogin_saml_customize_links_lost_password');
 	if (!empty($target)) {
 		wp_redirect($target);
-		return false;
+		exit;
 	}
 }
 
 function saml_user_register() {
 	$target = get_option('onelogin_saml_customize_links_user_registration');
 	if (!empty($target)) {
 		wp_redirect($target);
-		return false;
+		exit;
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -47,15 +47,15 @@ function saml_lostpassword() {`
`47`	`47`	`$target = get_option('onelogin_saml_customize_links_lost_password');`
`48`	`48`	`if (!empty($target)) {`
`49`	`49`	`wp_redirect($target);`
`50`		`- return false;`
	`50`	`+ exit;`
`51`	`51`	`}`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`function saml_user_register() {`
`55`	`55`	`$target = get_option('onelogin_saml_customize_links_user_registration');`
`56`	`56`	`if (!empty($target)) {`
`57`	`57`	`wp_redirect($target);`
`58`		`- return false;`
	`58`	`+ exit;`
`59`	`59`	`}`
`60`	`60`	`}`
`61`	`61`