Ticket #14748: 14748.diff

File 14748.diff, 1.8 KB (added by dd32, 2 years ago)
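--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -555,7 +555,7 @@
         if ( !isset($_COOKIE['wp-postpass_' . COOKIEHASH]) )
                 return true;
 
-        if ( $_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password )
+        if ( stripslashes($_COOKIE['wp-postpass_' . COOKIEHASH]) != $post->post_password )
                 return true;
 
         return false;
@@ -1206,8 +1206,8 @@
  */
 function get_the_password_form() {
         global $post;
-        $label = 'pwbox-'.(empty($post->ID) ? rand() : $post->ID);
-        $output = '<form action="' . get_option('siteurl') . '/wp-pass.php" method="post">
+        $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID );
+        $output = '<form action="' . site_url('wp-pass.php') . '" method="post">
         <p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
         <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p>
         </form>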
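Review bot: The password check at new line 558 still compares with loose `!=`, so when both the cookie value and `$post->post_password` look numeric PHP compares them as numbers and two different strings can be treated as equal. A strict comparison closes that gap: `if ( stripslashes($_COOKIE['wp-postpass_' . COOKIEHASH]) !== $post->post_password )`. The cookie is also passed to `stripslashes()` without confirming it is a string, so an array-valued cookie would reach it; an `is_string()` test next to the `isset()` at line 555 would reject that early. The enclosing function starts outside this hunk.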
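--- a/wp-pass.php
+++ b/wp-pass.php
@@ -9,11 +9,8 @@
 /** Make sure that the WordPress bootstrap has run before continuing. */
 require( dirname(__FILE__) . '/wp-load.php');
 
-if ( get_magic_quotes_gpc() )
-        $_POST['post_password'] = stripslashes($_POST['post_password']);
-
 // 10 days
-setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
+setcookie('wp-postpass_' . COOKIEHASH, stripslashes($_POST['post_password']), time() + 864000, COOKIEPATH);
 
 wp_safe_redirect(wp_get_referer());
 exit;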
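Review bot: New line 13 reads `$_POST['post_password']` without checking that it is present and a string, so a request with the field missing or sent as an array passes a non-string to `stripslashes()` and then to `setcookie()`. A guard before the call would cover it, e.g. `if ( ! isset( $_POST['post_password'] ) || ! is_string( $_POST['post_password'] ) ) { wp_safe_redirect( wp_get_referer() ); exit; }`. Separately, the cookie holds the post password in clear text for ten days and is set without the HttpOnly or Secure arguments. Where the supported PHP version allows it, passing the trailing `setcookie()` parameters (`COOKIE_DOMAIN, is_ssl(), true`) would keep the value away from page scripts and, on HTTPS sites, off plain-HTTP requests.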