Skip to content

Commit 1be422d

Browse files
sjinkssjinks
committed
fix: ensure execution stops after redirects.
1 parent eb4762c commit 1be422d

File tree

1 file changed

+6
-5
lines changed

1 file changed

+6
-5
lines changed

class-two-factor-core.php

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
<?php
22
/**
3-
* Two Factore Core Class.
3+
* Two Factor Core Class.
44
*
55
* @package Two_Factor
66
*/
@@ -1479,7 +1479,7 @@ public static function _login_form_validate_2fa( $user, $nonce = '', $provider =
14791479
// Validate the request.
14801480
if ( true !== self::verify_login_nonce( $user->ID, $nonce ) ) {
14811481
wp_safe_redirect( home_url() );
1482-
return;
1482+
exit();
14831483
}
14841484

14851485
$provider = self::get_provider_for_user( $user, $provider );
@@ -1567,6 +1567,7 @@ public static function _login_form_validate_2fa( $user, $nonce = '', $provider =
15671567

15681568
$redirect_to = apply_filters( 'login_redirect', $redirect_to, $redirect_to, $user ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound -- Core WordPress filter.
15691569
wp_safe_redirect( $redirect_to );
1570+
exit();
15701571
}
15711572

15721573

@@ -1602,15 +1603,15 @@ public static function login_form_revalidate_2fa() {
16021603
public static function _login_form_revalidate_2fa( $nonce = '', $provider = '', $redirect_to = '', $is_post_request = false ) {
16031604
if ( ! is_user_logged_in() ) {
16041605
wp_safe_redirect( home_url() );
1605-
return;
1606+
exit();
16061607
}
16071608

16081609
$user = wp_get_current_user();
16091610

16101611
// Validate the nonce for POST requests. GET requests do not perform actions, and such do not require the nonce (such as the initial request).
16111612
if ( $is_post_request && ! wp_verify_nonce( $nonce, 'two_factor_revalidate_' . $user->ID ) ) {
16121613
wp_safe_redirect( home_url() );
1613-
return;
1614+
exit();
16141615
}
16151616

16161617
$provider = self::get_provider_for_user( $user, $provider );
@@ -1665,7 +1666,7 @@ public static function _login_form_revalidate_2fa( $nonce = '', $provider = '',
16651666

16661667
$redirect_to = apply_filters( 'login_redirect', $redirect_to, $redirect_to, $user ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound -- Core WordPress filter.
16671668
wp_safe_redirect( $redirect_to );
1668-
return;
1669+
exit();
16691670
}
16701671

16711672
/**

0 commit comments

Comments
 (0)