WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Option to force SSL. see #7561 

git-svn-id: http://svn.automattic.com/wordpress/trunk@8701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2008-08-21 17:40:38 +00:00
parent e0f519adc5
commit 203086a4de
5 changed files with 63 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/includes/user.php
View File

@ -73,6 +73,10 @@ function edit_user( $user_id = 0 ) {
else else
$user->rich_editing = 'false'; $user->rich_editing = 'false';
$user->use_ssl = 0;
if ( !empty($_POST['use_ssl']) )
$user->use_ssl = 1;
if ( !$update ) if ( !$update )
$user->admin_color = 'fresh'; // Default to fresh for new users. $user->admin_color = 'fresh'; // Default to fresh for new users.
else if ( isset( $_POST['admin_color'] ) ) else if ( isset( $_POST['admin_color'] ) )

27
wp-admin/user-edit.php
View File

@ -99,13 +99,24 @@ $wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashe
$user_id = (int) $user_id; $user_id = (int) $user_id;
if ( !$user_id ) if ( !$user_id ) {
if ( $is_profile_page ) { if ( $is_profile_page ) {
$current_user = wp_get_current_user(); $current_user = wp_get_current_user();
$user_id = $current_user->ID; $user_id = $current_user->ID;
} else { } else {
wp_die(__('Invalid user ID.')); wp_die(__('Invalid user ID.'));
} }
}
// Optional SSL preference that can be turned on by hooking to the 'personal_options' action
function use_ssl_preference($user) {
?>
<tr>
<th scope="row"><?php _e('Use https')?></th>
<td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked('1', $user->use_ssl); ?> /> <?php _e('Always use https when visiting the admin'); ?></label></td>
</tr>
<?php
}
switch ($action) { switch ($action) {
case 'switchposts': case 'switchposts':
@ -129,7 +140,7 @@ if ( $is_profile_page ) {
$errors = edit_user($user_id); $errors = edit_user($user_id);
if( !is_wp_error( $errors ) ) { if ( !is_wp_error( $errors ) ) {
$redirect = ($is_profile_page? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true"; $redirect = ($is_profile_page? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
$redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect); $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
wp_redirect($redirect); wp_redirect($redirect);
@ -140,7 +151,7 @@ default:
$profileuser = get_user_to_edit($user_id); $profileuser = get_user_to_edit($user_id);
if ( !current_user_can('edit_user', $user_id) ) if ( !current_user_can('edit_user', $user_id) )
wp_die(__('You do not have permission to edit this user.')); wp_die(__('You do not have permission to edit this user.'));
include ('admin-header.php'); include ('admin-header.php');
?> ?>
@ -209,12 +220,14 @@ foreach ( $_wp_admin_css_colors as $color => $color_info ): ?>
<?php endforeach; ?> <?php endforeach; ?>
</fieldset></td> </fieldset></td>
</tr> </tr>
<?php endif; ?> <?php
endif;
do_action('personal_options', $profileuser);
?>
</table> </table>
<?php <?php
if ( $is_profile_page ) { if ( $is_profile_page )
do_action('profile_personal_options'); do_action('profile_personal_options', $profileuser);
}
?> ?>
<h3><?php _e('Name') ?></h3> <h3><?php _e('Name') ?></h3>

14
wp-includes/pluggable.php
View File

@ -703,8 +703,20 @@ function auth_redirect() {
} }
} }
if ( wp_validate_auth_cookie() ) if ( $user_id = wp_validate_auth_cookie() ) {
// If the user wants ssl but the session is not ssl, redirect.
if ( !$secure && get_user_option('use_ssl', $user_id) ) {
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
exit();
} else {
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit();
}
}
return; // The cookie is good so we're done return; // The cookie is good so we're done
}
// The cookie is no good so force login // The cookie is no good so force login
nocache_headers(); nocache_headers();

4
wp-includes/registration.php
View File

@ -158,6 +158,9 @@ function wp_insert_user($userdata) {
$admin_color = 'fresh'; $admin_color = 'fresh';
$admin_color = preg_replace('|[^a-z0-9 _.\-@]|i', '', $admin_color); $admin_color = preg_replace('|[^a-z0-9 _.\-@]|i', '', $admin_color);
if ( empty($use_ssl) )
$use_ssl = 0;
if ( empty($user_registered) ) if ( empty($user_registered) )
$user_registered = gmdate('Y-m-d H:i:s'); $user_registered = gmdate('Y-m-d H:i:s');
@ -181,6 +184,7 @@ function wp_insert_user($userdata) {
update_usermeta( $user_id, 'yim', $yim ); update_usermeta( $user_id, 'yim', $yim );
update_usermeta( $user_id, 'rich_editing', $rich_editing); update_usermeta( $user_id, 'rich_editing', $rich_editing);
update_usermeta( $user_id, 'admin_color', $admin_color); update_usermeta( $user_id, 'admin_color', $admin_color);
update_usermeta( $user_id, 'use_ssl', $use_ssl);
if ( $update && isset($role) ) { if ( $update && isset($role) ) {
$user = new WP_User($user_id); $user = new WP_User($user_id);

29
wp-login.php
View File

@ -407,15 +407,30 @@ break;
case 'login' : case 'login' :
default: default:
if ( isset( $_REQUEST['redirect_to'] ) ) $secure_cookie = '';
$redirect_to = $_REQUEST['redirect_to'];
else
$redirect_to = admin_url();
if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) ) // If the user wants ssl but the session is not ssl, force a secure cookie.
if ( !empty($_POST['log']) && !force_ssl_admin() ) {
$user_name = sanitize_user($_POST['log']);
if ( $user = get_userdatabylogin($user_name) ) {
if ( get_user_option('use_ssl', $user->ID) ) {
$secure_cookie = true;
force_ssl_admin(true);
}
}
}
if ( isset( $_REQUEST['redirect_to'] ) ) {
$redirect_to = $_REQUEST['redirect_to'];
// Redirect to https if user wants ssl
if ( $secure_cookie )
$redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
} else {
$redirect_to = admin_url();
}
if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
$secure_cookie = false; $secure_cookie = false;
else
$secure_cookie = '';
$user = wp_signon('', $secure_cookie); $user = wp_signon('', $secure_cookie);