Login and Registration: Avoid a potentially incorrect value for the cookie hash on multisite installations that don't have a value in the `siteurl` network option.

This reverts [38619].

See #34084, #39497

Merges [40320] to the 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@40321


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
John Blackbourn 2017-03-23 19:03:37 +00:00
parent 913475ecdf
commit bfa0cc8b91
3 changed files with 3 additions and 17 deletions

View File

@ -334,6 +334,7 @@ switch($step) {
$scripts_to_print[] = 'user-profile'; $scripts_to_print[] = 'user-profile';
display_header();
// Fill in the data we gathered // Fill in the data we gathered
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : ''; $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : ''; $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
@ -346,26 +347,21 @@ switch($step) {
$error = false; $error = false;
if ( empty( $user_name ) ) { if ( empty( $user_name ) ) {
// TODO: poka-yoke // TODO: poka-yoke
display_header();
display_setup_form( __( 'Please provide a valid username.' ) ); display_setup_form( __( 'Please provide a valid username.' ) );
$error = true; $error = true;
} elseif ( $user_name != sanitize_user( $user_name, true ) ) { } elseif ( $user_name != sanitize_user( $user_name, true ) ) {
display_header();
display_setup_form( __( 'The username you provided has invalid characters.' ) ); display_setup_form( __( 'The username you provided has invalid characters.' ) );
$error = true; $error = true;
} elseif ( $admin_password != $admin_password_check ) { } elseif ( $admin_password != $admin_password_check ) {
// TODO: poka-yoke // TODO: poka-yoke
display_header();
display_setup_form( __( 'Your passwords do not match. Please try again.' ) ); display_setup_form( __( 'Your passwords do not match. Please try again.' ) );
$error = true; $error = true;
} elseif ( empty( $admin_email ) ) { } elseif ( empty( $admin_email ) ) {
// TODO: poka-yoke // TODO: poka-yoke
display_header();
display_setup_form( __( 'You must provide an email address.' ) ); display_setup_form( __( 'You must provide an email address.' ) );
$error = true; $error = true;
} elseif ( ! is_email( $admin_email ) ) { } elseif ( ! is_email( $admin_email ) ) {
// TODO: poka-yoke // TODO: poka-yoke
display_header();
display_setup_form( __( 'Sorry, that isn&#8217;t a valid email address. Email addresses look like <code>username@example.com</code>.' ) ); display_setup_form( __( 'Sorry, that isn&#8217;t a valid email address. Email addresses look like <code>username@example.com</code>.' ) );
$error = true; $error = true;
} }
@ -373,16 +369,6 @@ switch($step) {
if ( $error === false ) { if ( $error === false ) {
$wpdb->show_errors(); $wpdb->show_errors();
$result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language ); $result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );
// Log the user in and send them to wp-admin:
if ( ! headers_sent() ) {
wp_set_auth_cookie( $result['user_id'], true, is_ssl() );
wp_redirect( admin_url() );
exit;
}
// If headers have already been sent, fall back to a "Success!" message:
display_header();
?> ?>
<h1><?php _e( 'Success!' ); ?></h1> <h1><?php _e( 'Success!' ); ?></h1>

View File

@ -205,7 +205,7 @@ function wp_cookie_constants() {
if ( $siteurl ) if ( $siteurl )
define( 'COOKIEHASH', md5( $siteurl ) ); define( 'COOKIEHASH', md5( $siteurl ) );
else else
define( 'COOKIEHASH', md5( wp_guess_url() ) ); define( 'COOKIEHASH', '' );
} }
/** /**

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.7.4-alpha-40291'; $wp_version = '4.7.4-alpha-40321';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.