diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index 0f864334..63fc896f 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
@@ -1,6 +1,6 @@ ID, $nonce ) ) {
 wp_safe_redirect( home_url() );
- return;
+ exit;
 }
 $provider = self::get_provider_for_user( $user, $provider );
@@ -1567,6 +1567,7 @@ public static function _login_form_validate_2fa( $user, $nonce = '', $provider =
 $redirect_to = apply_filters( 'login_redirect', $redirect_to, $redirect_to, $user ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound -- Core WordPress filter.
 wp_safe_redirect( $redirect_to );
+ exit;
 }
@@ -1602,7 +1603,7 @@ public static function login_form_revalidate_2fa() {
 public static function _login_form_revalidate_2fa( $nonce = '', $provider = '', $redirect_to = '', $is_post_request = false ) {
 if ( ! is_user_logged_in() ) {
 wp_safe_redirect( home_url() );
- return;
+ exit;
 }
 $user = wp_get_current_user();
@@ -1610,7 +1611,7 @@ public static function _login_form_revalidate_2fa( $nonce = '', $provider = '',
 // Validate the nonce for POST requests. GET requests do not perform actions, and such do not require the nonce (such as the initial request).
 if ( $is_post_request && ! wp_verify_nonce( $nonce, 'two_factor_revalidate_' . $user->ID ) ) {
 wp_safe_redirect( home_url() );
- return;
+ exit;
 }
 $provider = self::get_provider_for_user( $user, $provider );
@@ -1665,7 +1666,7 @@ public static function _login_form_revalidate_2fa( $nonce = '', $provider = '',
 $redirect_to = apply_filters( 'login_redirect', $redirect_to, $redirect_to, $user ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound -- Core WordPress filter.
 wp_safe_redirect( $redirect_to );
- return;
+ exit;
 }
 /**
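Review bot: The `exit;` added after `wp_safe_redirect( $redirect_to );` in the `@@ -1567,6 +1567,7 @@` hunk sits inside `_login_form_validate_2fa()`, a helper that takes its inputs as parameters, so any in-process test that reaches this line now ends the test run instead of returning. The same holds for the `exit;` lines in the hunks at -1602, -1610 and -1665 in `_login_form_revalidate_2fa()`, and for the nonce-failure branch in the first hunk, whose header is cut off on this page. Stopping is the right behaviour on the failed-nonce and not-logged-in branches, because `wp_safe_redirect()` does not end the request by itself, but those are exactly the branches that most need a regression test. One option, hedged because the callers are not visible, is to have the helper end these branches with `return true;` and let the hooked wrapper (`login_form_revalidate_2fa()` appears in a hunk header) run `exit;` when it gets that value. Both function bodies start and end outside the hunks.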
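Review bot: The docblock of `_login_form_revalidate_2fa()`, which lies above the `@@ -1602,7 +1603,7 @@` hunk and is not visible here, should now say that the method ends the request, since three of its branches (here and in the hunks at -1610 and -1665) change from `return;` to `exit;`. Without that, a caller that does work after the call will find it silently skipped on those paths. A sentence such as `Sends a redirect and then terminates the request with exit when the user is not logged in, the nonce check fails, or revalidation succeeds.` would cover it. `_login_form_validate_2fa()` needs the equivalent line for its nonce-failure and success branches.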