WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Only use SSL for login POST links if SSL logins are forced. Clear old cookies. see #7001 

git-svn-id: http://svn.automattic.com/wordpress/trunk@8197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2008-06-26 16:40:04 +00:00
parent f0935b49ae
commit 63b5bd26fe
3 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/link-template.php
View File

@ -781,7 +781,9 @@ function get_shortcut_link() {
function site_url($path = '', $scheme = null) {
// should the list of allowed schemes be maintained elsewhere?
if ( !in_array($scheme, array('http', 'https')) ) {
if ( ('login' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
if ( ('login_post' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
$scheme = 'https';
elseif ( ('login' == $scheme) && ( force_ssl_admin() ) )
$scheme = 'https';
elseif ( ('admin' == $scheme) && force_ssl_admin() )
$scheme = 'https';

4
wp-includes/pluggable.php
View File

@ -610,6 +610,10 @@ function wp_clear_auth_cookie() {
setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);

10
wp-login.php
View File

@ -12,7 +12,7 @@
require( dirname(__FILE__) . '/wp-load.php' );
// Redirect to https login if forced to use SSL
if ( (force_ssl_admin() || force_ssl_login()) && !is_ssl() ) {
if ( force_ssl_admin() && !is_ssl() ) {
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
exit();
@ -312,7 +312,7 @@ case 'retrievepassword' :
login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or e-mail address. You will receive a new password via e-mail.') . '</p>', $errors);
?>
<form name="lostpasswordform" id="lostpasswordform" action="wp-login.php?action=lostpassword" method="post">
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
<p>
<label><?php _e('Username or E-mail:') ?><br />
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_login'])); ?>" size="20" tabindex="10" /></label>
@ -376,7 +376,7 @@ case 'register' :
login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
?>
<form name="registerform" id="registerform" action="wp-login.php?action=register" method="post">
<form name="registerform" id="registerform" action="<?php echo siteu_url('wp-login.php?action=register', 'login_post') ?>" method="post">
<p>
<label><?php _e('Username') ?><br />
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
@ -409,7 +409,7 @@ default:
if ( isset( $_REQUEST['redirect_to'] ) )
$redirect_to = $_REQUEST['redirect_to'];
else
$redirect_to = 'wp-admin/';
$redirect_to = admin_url();
if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
$secure_cookie = false;
@ -445,7 +445,7 @@ default:
login_header(__('Login'), '', $errors);
?>
<form name="loginform" id="loginform" action="wp-login.php" method="post">
<form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post">
<?php if ( !isset($_GET['checkemail']) || !in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
<p>
<label><?php _e('Username') ?><br />