From b18ef94f0a3935896e99e34996939294356471bb Mon Sep 17 00:00:00 2001
From: Francis Pineda
Date: Thu, 14 Mar 2024 10:20:29 +0800
Subject: [PATCH] fix: added check for state

---
 includes/wp-affinidi-login-callback.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/includes/wp-affinidi-login-callback.php b/includes/wp-affinidi-login-callback.php
index acb2ed4..8359645 100644
--- a/includes/wp-affinidi-login-callback.php
+++ b/includes/wp-affinidi-login-callback.php
@@ -22,9 +22,9 @@
 // }
 
 // Authenticate Check and Redirect
-if (!isset($_GET['code']) && !isset($_GET['error_description'])) {
+if (!isset($_GET['code']) && !isset($_GET['error_description']) && !empty($_GET['state'])) {
 
-    // Grab a copy of the options and set the redirect location.
+    // Grab the state from the Auth URL and send to AL
     $state = $_GET['state'];
 
     // generate code verifier and challenge
@@ -51,6 +51,16 @@
     exit;
 }
 
+// Check for error
+if (empty($_GET['state'])) {
+    // log error description on server side
+    $log_message = "Affinidi Login: State is empty".PHP_EOL;
+    error_log($log_message);
+    // redirect user with error code
+    wp_safe_redirect($user_redirect . "?message=affinidi_login_failed");
+    exit;
+}
+
 // retrieve state and get the transient info for redirect
 $state = sanitize_text_field($_GET['state']);
 $redirect_to = get_transient("affinidi_user_redirect_to".$state);
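Review bot: The new `!empty($_GET['state'])` guard treats the literal string `"0"` as a missing state, because `empty()` tests truthiness rather than presence; `isset($_GET['state']) && $_GET['state'] !== ''` expresses the intended check without that corner case, and the same applies to the `empty($_GET['state'])` check in the second hunk. The value is still read raw into `$state` on the next line, while the second hunk runs it through `sanitize_text_field`; reading it the same way in both places keeps the two paths consistent. The enclosing `if` block continues past the end of this hunk.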
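Review bot: The new guard only establishes that some `state` value arrived, not that it is one this site issued; the `get_transient("affinidi_user_redirect_to".$state)` lookup on the hunk's last line returns `false` for an unknown or expired state, and that result should be handled as the same failure (log and `wp_safe_redirect` with the same message), otherwise a callback carrying a forged or replayed state continues with `$redirect_to === false`. Whatever follows the lookup is outside the hunk, so that handling may already exist. `$user_redirect` is used in the new `wp_safe_redirect` call but is not assigned anywhere visible in the patch; if it is only set inside an earlier branch, this path would redirect to a bare `?message=affinidi_login_failed`.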