Only use SSL for login POST links if SSL logins are forced. Clear old cookies. see #7001
git-svn-id: http://svn.automattic.com/wordpress/trunk@8197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
f0935b49ae
commit
63b5bd26fe
|
@ -781,7 +781,9 @@ function get_shortcut_link() {
|
||||||
function site_url($path = '', $scheme = null) {
|
function site_url($path = '', $scheme = null) {
|
||||||
// should the list of allowed schemes be maintained elsewhere?
|
// should the list of allowed schemes be maintained elsewhere?
|
||||||
if ( !in_array($scheme, array('http', 'https')) ) {
|
if ( !in_array($scheme, array('http', 'https')) ) {
|
||||||
if ( ('login' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
|
if ( ('login_post' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
|
||||||
|
$scheme = 'https';
|
||||||
|
elseif ( ('login' == $scheme) && ( force_ssl_admin() ) )
|
||||||
$scheme = 'https';
|
$scheme = 'https';
|
||||||
elseif ( ('admin' == $scheme) && force_ssl_admin() )
|
elseif ( ('admin' == $scheme) && force_ssl_admin() )
|
||||||
$scheme = 'https';
|
$scheme = 'https';
|
||||||
|
|
|
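Review bot: The scheme values that `site_url()` accepts are not documented in this hunk, and the new `'login_post'` value behaves differently from `'login'`. `'login_post'` becomes https when either `force_ssl_login()` or `force_ssl_admin()` is true, while `'login'` now becomes https only under `force_ssl_admin()`. A comment above the `if` chain would make this visible to callers, for example `// 'login_post': https if SSL login or SSL admin is forced; 'login' and 'admin': https only if SSL admin is forced`. The membership test `in_array($scheme, array('http', 'https'))` compares loosely, so passing `true` as the third argument would stop a non-string `$scheme` such as boolean `true` from matching by coercion. The function body continues past the end of the hunk.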
@ -610,6 +610,10 @@ function wp_clear_auth_cookie() {
|
||||||
setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
|
setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
|
||||||
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
|
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
|
||||||
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
|
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
|
||||||
|
setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
|
setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||||
|
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
|
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||||
setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||||
|
|
||||||
|
|
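Review bot: The four added `setcookie()` calls that expire `AUTH_COOKIE` and `SECURE_AUTH_COOKIE` at `COOKIEPATH` and `SITECOOKIEPATH` have no comment explaining why the root paths are cleared as well as the `wp-admin` paths above them. Going by the commit message these are presumably cookies left by older versions, so a line such as `// Old cookies: auth cookies previously set at the site root path` above them would keep a later cleanup from dropping them. Expiring a cookie only removes it from the browser; whether a previously issued cookie value is also rejected server-side cannot be seen from this hunk and is worth confirming. The function starts before the hunk.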
10
wp-login.php
10
wp-login.php
|
@ -12,7 +12,7 @@
|
||||||
require( dirname(__FILE__) . '/wp-load.php' );
|
require( dirname(__FILE__) . '/wp-load.php' );
|
||||||
|
|
||||||
// Redirect to https login if forced to use SSL
|
// Redirect to https login if forced to use SSL
|
||||||
if ( (force_ssl_admin() || force_ssl_login()) && !is_ssl() ) {
|
if ( force_ssl_admin() && !is_ssl() ) {
|
||||||
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
|
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
|
||||||
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
|
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
|
||||||
exit();
|
exit();
|
||||||
|
@ -312,7 +312,7 @@ case 'retrievepassword' :
|
||||||
login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or e-mail address. You will receive a new password via e-mail.') . '</p>', $errors);
|
login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or e-mail address. You will receive a new password via e-mail.') . '</p>', $errors);
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<form name="lostpasswordform" id="lostpasswordform" action="wp-login.php?action=lostpassword" method="post">
|
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
|
||||||
<p>
|
<p>
|
||||||
<label><?php _e('Username or E-mail:') ?><br />
|
<label><?php _e('Username or E-mail:') ?><br />
|
||||||
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_login'])); ?>" size="20" tabindex="10" /></label>
|
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_login'])); ?>" size="20" tabindex="10" /></label>
|
||||||
|
@ -376,7 +376,7 @@ case 'register' :
|
||||||
login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
|
login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<form name="registerform" id="registerform" action="wp-login.php?action=register" method="post">
|
<form name="registerform" id="registerform" action="<?php echo siteu_url('wp-login.php?action=register', 'login_post') ?>" method="post">
|
||||||
<p>
|
<p>
|
||||||
<label><?php _e('Username') ?><br />
|
<label><?php _e('Username') ?><br />
|
||||||
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
|
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
|
||||||
|
@ -409,7 +409,7 @@ default:
|
||||||
if ( isset( $_REQUEST['redirect_to'] ) )
|
if ( isset( $_REQUEST['redirect_to'] ) )
|
||||||
$redirect_to = $_REQUEST['redirect_to'];
|
$redirect_to = $_REQUEST['redirect_to'];
|
||||||
else
|
else
|
||||||
$redirect_to = 'wp-admin/';
|
$redirect_to = admin_url();
|
||||||
|
|
||||||
if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
|
if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
|
||||||
$secure_cookie = false;
|
$secure_cookie = false;
|
||||||
|
@ -445,7 +445,7 @@ default:
|
||||||
login_header(__('Login'), '', $errors);
|
login_header(__('Login'), '', $errors);
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<form name="loginform" id="loginform" action="wp-login.php" method="post">
|
<form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post">
|
||||||
<?php if ( !isset($_GET['checkemail']) || !in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
|
<?php if ( !isset($_GET['checkemail']) || !in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
|
||||||
<p>
|
<p>
|
||||||
<label><?php _e('Username') ?><br />
|
<label><?php _e('Username') ?><br />
|
||||||
|
|
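Review bot: The register form's new action calls `siteu_url(...)`, which looks like a typo for `site_url(...)` as used by the lost-password and login forms in the same file. Unless a function of that name is defined elsewhere, the registration page would stop with an undefined-function fatal error when it renders. The line should read `action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>"`. Separately, the redirect condition at the top appears to have been narrowed to `force_ssl_admin() && !is_ssl()`, so with only SSL logins forced the form page is served over http and only the POST target is https. A form delivered over http can be altered in transit before it is submitted, which is worth stating in a comment next to the redirect.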