diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php index 9875356c65..1a07d7298b 100644 --- a/wp-includes/link-template.php +++ b/wp-includes/link-template.php @@ -781,7 +781,9 @@ function get_shortcut_link() { function site_url($path = '', $scheme = null) { // should the list of allowed schemes be maintained elsewhere? if ( !in_array($scheme, array('http', 'https')) ) { - if ( ('login' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) ) + if ( ('login_post' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) ) + $scheme = 'https'; + elseif ( ('login' == $scheme) && ( force_ssl_admin() ) ) $scheme = 'https'; elseif ( ('admin' == $scheme) && force_ssl_admin() ) $scheme = 'https'; diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 535f424161..7b5d7266c7 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -610,6 +610,10 @@ function wp_clear_auth_cookie() { setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN); setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN); setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN); + setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); + setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); + setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); + setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); diff --git a/wp-login.php b/wp-login.php index 1a0490b291..cebf41eaa1 100644 --- a/wp-login.php +++ b/wp-login.php @@ -12,7 +12,7 @@ require( dirname(__FILE__) . '/wp-load.php' ); // Redirect to https login if forced to use SSL -if ( (force_ssl_admin() || force_ssl_login()) && !is_ssl() ) { +if ( force_ssl_admin() && !is_ssl() ) { if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); exit(); @@ -312,7 +312,7 @@ case 'retrievepassword' : login_header(__('Lost Password'), '
', $errors); ?> -