Bug #791
closedURL params are stripped in bp_core_no_access() redirects
0%
Description
See #227.
When attempting to visit access-restricted pages while not logged in, bp_core_no_access() redirects to wp-login.php, with a redirect_to argument of the originally requested URL. However, additional URL parameters are not being included in the redirect_to URL. Eg,
http://local.cicdev.com/groups/boone-hidden-testtntnttntn/docs/very-excellent-doc/history?action=diff&post_type=bp_doc&right=1523&left=283
gets redirected to
http://local.cicdev.com/groups/boone-hidden-testtntnttntn/docs/very-excellent-doc/history
This is probably just a function of how wp-login.php and wp_redirect() work, but it's worth spending a little bit of time figuring out whether it's something that can be avoided.
Updated by Raymond Hoh over 13 years ago
Just thinking off the top of my head, but I believe the $redirect variable in bp_core_no_access() might need to use trailingslashit().
At least this gives me a chance to try out BP Docs :)
Will give my theory a try a little later!
Updated by Raymond Hoh over 13 years ago
Problem occurs on line 180 of buddypress-docs/includes/integration-bp.php
Instead of using bp_core_redirect(), you could use the new bp_core_no_access() function! :)
You can try this instead:
if ( !bp_docs_current_user_can( 'view_history' ) ) {
if ( function_exists( 'bp_core_no_access' ) ) {
if ( is_user_logged_in() )
bp_core_no_access( array( 'redirect' => false, 'message' => __( 'You do not have permission to view this Doc\'s history.', 'bp-docs' ) ) );
else
bp_core_no_access();
}
// old compatibility
else {
// The user does not have edit permission. Redirect.
bp_core_add_message( __( 'You do not have permission to view this Doc\'s history.', 'bp-docs' ), 'error' );
$doc = bp_docs_get_current_doc();
$redirect = bp_docs_get_doc_link( $doc->ID );
// Redirect back to the Doc list view
bp_core_redirect( $redirect );
}
}
Updated by Boone Gorges over 13 years ago
- Assignee changed from Raymond Hoh to Boone Gorges
Cool - thanks for tracking it down, Ray!
I see two different things going on here. One is that I should use bp_core_no_access() if available. The other is that I should concatenate the redirect URL differently in the case of the 'history' tab.
Thus:
https://github.com/boonebgorges/buddypress-docs/issues/105
and
https://github.com/boonebgorges/buddypress-docs/issues/104
I'll take care of this as I gear up for the next release. Thanks!
Updated by Boone Gorges over 13 years ago
- Status changed from Assigned to Resolved
Fixed in https://github.com/boonebgorges/buddypress-docs/commit/1b9746131c03dfe1e23e646640b0fc6e240a17c1 in BuddyPress Docs. It'll come into the Commons on the next update.