WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Set post password cookies via an action in wp-login.php. Retire wp-pass.php (one less root file). Obey login ssl preferences for post password form submission. Props SergeyBiryukov. fixes #19798 

git-svn-id: http://svn.automattic.com/wordpress/trunk@19925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2012-02-14 18:29:22 +00:00
parent cf4135d478
commit 0dfe24e69b
3 changed files with 17 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/post-template.php
View File

@ -1220,7 +1220,7 @@ function prepend_attachment($content) {
function get_the_password_form() { function get_the_password_form() {
global $post; global $post;
$label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID ); $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID );
$output = '<form action="' . site_url('wp-pass.php') . '" method="post"> $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
<p>' . __("This post is password protected. To view it please enter your password below:") . '</p> <p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
<p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p> <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p>
</form> </form>

17
wp-login.php
View File

@ -350,7 +350,7 @@ if ( isset($_GET['key']) )
$action = 'resetpass'; $action = 'resetpass';
// validate action so as to default to the login screen // validate action so as to default to the login screen
if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action) ) if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
$action = 'login'; $action = 'login';
nocache_headers(); nocache_headers();
@ -378,6 +378,21 @@ do_action( 'login_form_' . $action );
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']); $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
switch ($action) { switch ($action) {
case 'postpass' :
if ( empty( $wp_hasher ) ) {
require_once( ABSPATH . 'wp-includes/class-phpass.php' );
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, true);
}
// 10 days
setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
wp_safe_redirect( wp_get_referer() );
exit();
break;
case 'logout' : case 'logout' :
check_admin_referer('log-out'); check_admin_referer('log-out');
wp_logout(); wp_logout();

22
wp-pass.php
View File

@ -1,22 +0,0 @@
<?php
/**
* Creates the password cookie and redirects back to where the
* visitor was before.
*
* @package WordPress
*/
/** Make sure that the WordPress bootstrap has run before continuing. */
require( dirname( __FILE__ ) . '/wp-load.php');
if ( empty( $wp_hasher ) ) {
require_once( ABSPATH . 'wp-includes/class-phpass.php');
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, true);
}
// 10 days
setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
wp_safe_redirect( wp_get_referer() );
exit;