From 654c4b3f98ba8e1fd3452860d5aed191eadc8ce9 Mon Sep 17 00:00:00 2001
From: Ryan McCue <me@ryanmccue.info>
Date: Mon, 31 May 2021 12:56:00 +0100
Subject: [PATCH 1/2] Switch wp_safe_redirect back to wp_redirect

This redirect is *intentionally* open, so must use the regular redirect function.
---
 inc/types/class-authorization-code.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/inc/types/class-authorization-code.php b/inc/types/class-authorization-code.php
index 6b450bd..2cc49a7 100644
--- a/inc/types/class-authorization-code.php
+++ b/inc/types/class-authorization-code.php
@@ -73,7 +73,8 @@ protected function handle_authorization_submission( $submit, Client $client, $da
 		);
 
 		$generated_redirect = add_query_arg( urlencode_deep( $redirect_args ), $redirect_uri );
-		wp_safe_redirect( $generated_redirect );
+		// phpcs:ignore WordPress.Security.SafeRedirectSniff -- Intentionally external redirect, secured via client registration.
+		wp_redirect( $generated_redirect );
 		exit;
 	}
 }

From 12d2c7c83611e7499e1357c50978c9c7ae7b8eb1 Mon Sep 17 00:00:00 2001
From: Ryan McCue <me@ryanmccue.info>
Date: Mon, 31 May 2021 13:02:04 +0100
Subject: [PATCH 2/2] Correct sniff code

---
 inc/types/class-authorization-code.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/types/class-authorization-code.php b/inc/types/class-authorization-code.php
index 2cc49a7..dae2470 100644
--- a/inc/types/class-authorization-code.php
+++ b/inc/types/class-authorization-code.php
@@ -73,7 +73,7 @@ protected function handle_authorization_submission( $submit, Client $client, $da
 		);
 
 		$generated_redirect = add_query_arg( urlencode_deep( $redirect_args ), $redirect_uri );
-		// phpcs:ignore WordPress.Security.SafeRedirectSniff -- Intentionally external redirect, secured via client registration.
+		// phpcs:ignore WordPress.Security.SafeRedirect -- Intentionally external redirect, secured via client registration.
 		wp_redirect( $generated_redirect );
 		exit;
 	}