Context Navigation

Back to Ticket #7001

Ticket #7001: cookie_split.diff

File cookie_split.diff, 19.8 KB (added by ryan, 5 years ago)
Separate logged in and auth cookies. Deliver auth cookies only for wp-admin

Line
1	Index: wp-login.php
2	===================================================================
3	--- wp-login.php (revision 8065)
4	+++ wp-login.php (working copy)
5	@@ -11,6 +11,17 @@
6	/** Make sure that the WordPress bootstrap has ran before continuing. */
7	require( dirname(__FILE__) . '/wp-load.php' );
8
9	+// Redirect to https login if forced to use SSL
10	+if ( (force_ssl_admin() \|\| force_ssl_login()) && !is_ssl() ) {
11	+ if ( false !== strpos($_SERVER['REQUEST_URI'], 'http') ) {
12	+ wp_redirect(str_replace('http://', 'https://', $_SERVER['REQUEST_URI']));
13	+ exit();
14	+ } else {
15	+ wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
16	+ exit();
17	+ }
18	+}
19	+
20	/**
21	* login_header() - Outputs the header for the login page
22	*
23	@@ -137,7 +148,7 @@
24	$message .= get_option('siteurl') . "\r\n\r\n";
25	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
26	$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
27	- $message .= site_url("wp-login.php?action=rp&key=$key") . "\r\n";
28	+ $message .= site_url("wp-login.php?action=rp&key=$key", 'login') . "\r\n";
29
30	if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) )
31	die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
32	@@ -174,7 +185,7 @@
33	wp_set_password($new_pass, $user->ID);
34	$message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
35	$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
36	- $message .= site_url('wp-login.php') . "\r\n";
37	+ $message .= site_url('wp-login.php', 'login') . "\r\n";
38
39	if ( !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) )
40	die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
41	@@ -312,10 +323,10 @@
42
43	<p id="nav">
44	<?php if (get_option('users_can_register')) : ?>
45	-<a href="<?php echo site_url('wp-login.php', 'forceable') ?>"><?php _e('Log in') ?></a> \|
46	-<a href="<?php echo site_url('wp-login.php?action=register') ?>"><?php _e('Register') ?></a>
47	+<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> \|
48	+<a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
49	<?php else : ?>
50	-<a href="<?php echo site_url('wp-login.php', 'forceable') ?>"><?php _e('Log in') ?></a>
51	+<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
52	<?php endif; ?>
53	</p>
54
55	@@ -380,8 +391,8 @@
56	</form>
57
58	<p id="nav">
59	-<a href="<?php echo site_url('wp-login.php', 'forceable') ?>"><?php _e('Log in') ?></a> \|
60	-<a href="<?php echo site_url('wp-login.php?action=lostpassword') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
61	+<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> \|
62	+<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
63	</p>
64
65	</div>
66	@@ -395,13 +406,18 @@
67
68	case 'login' :
69	default:
70	- $user = wp_signon();
71	-
72	if ( isset( $_REQUEST['redirect_to'] ) )
73	$redirect_to = $_REQUEST['redirect_to'];
74	else
75	$redirect_to = 'wp-admin/';
76
77	+ if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) )
78	+ $secure_cookie = false;
79	+ else
80	+ $secure_cookie = '';
81	+
82	+ $user = wp_signon('', $secure_cookie);
83	+
84	if ( !is_wp_error($user) ) {
85	// If the user can't edit posts, send them to their profile.
86	if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) \|\| $redirect_to == 'wp-admin/' ) )
87	@@ -454,10 +470,10 @@
88	<p id="nav">
89	<?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
90	<?php elseif (get_option('users_can_register')) : ?>
91	-<a href="<?php echo site_url('wp-login.php?action=register') ?>"><?php _e('Register') ?></a> \|
92	-<a href="<?php echo site_url('wp-login.php?action=lostpassword') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
93	+<a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> \|
94	+<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
95	<?php else : ?>
96	-<a href="<?php echo site_url('wp-login.php?action=lostpassword') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
97	+<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
98	<?php endif; ?>
99	</p>
100
101	Index: wp-includes/functions.php
102	===================================================================
103	--- wp-includes/functions.php (revision 8065)
104	+++ wp-includes/functions.php (working copy)
105	@@ -1768,4 +1768,29 @@
106	function is_ssl() {
107	return ( 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false;
108	}
109	+
110	+function force_ssl_login($force = '') {
111	+ static $forced;
112	+
113	+ if ( '' != $force ) {
114	+ $old_forcded = $forced;
115	+ $forced = $force;
116	+ return $old_forced;
117	+ }
118	+
119	+ return $forced;
120	+}
121	+
122	+function force_ssl_admin($force = '') {
123	+ static $forced;
124	+
125	+ if ( '' != $force ) {
126	+ $old_forcded = $forced;
127	+ $forced = $force;
128	+ return $old_forced;
129	+ }
130	+
131	+ return $forced;
132	+}
133	+
134	?>
135	Index: wp-includes/user.php
136	===================================================================
137	--- wp-includes/user.php (revision 8065)
138	+++ wp-includes/user.php (working copy)
139	@@ -1,6 +1,6 @@
140	<?php
141
142	-function wp_signon( $credentials = '' ) {
143	+function wp_signon( $credentials = '', $secure_cookie = '' ) {
144	if ( empty($credentials) ) {
145	if ( ! empty($_POST['log']) )
146	$credentials['user_login'] = $_POST['log'];
147	@@ -21,13 +21,21 @@
148
149	do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
150
151	+ if ( '' === $secure_cookie )
152	+ $secure_cookie = is_ssl() ? true : false;
153	+
154	// If no credential info provided, check cookie.
155	if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) {
156	$user = wp_validate_auth_cookie();
157	if ( $user )
158	return new WP_User($user);
159
160	- if ( !empty($_COOKIE[AUTH_COOKIE]) )
161	+ if ( $secure_cookie )
162	+ $auth_cookie = SECURE_AUTH_COOKIE;
163	+ else
164	+ $auth_cookie = AUTH_COOKIE;
165	+
166	+ if ( !empty($_COOKIE[$auth_cookie]) )
167	return new WP_Error('expired_session', __('Please log in again.'));
168
169	// If the cookie is not set, be silent.
170	@@ -48,7 +56,7 @@
171	if ( is_wp_error($user) )
172	return $user;
173
174	- wp_set_auth_cookie($user->ID, $credentials['remember']);
175	+ wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
176	do_action('wp_login', $credentials['user_login']);
177	return $user;
178	}
179	Index: wp-includes/link-template.php
180	===================================================================
181	--- wp-includes/link-template.php (revision 8065)
182	+++ wp-includes/link-template.php (working copy)
183	@@ -780,8 +780,10 @@
184	function site_url($path = '', $scheme = null) {
185	// should the list of allowed schemes be maintained elsewhere?
186	if ( !in_array($scheme, array('http', 'https')) ) {
187	- if ( ('forceable' == $scheme) && (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )
188	+ if ( ('login' == $scheme) && ( force_ssl_login() \|\| force_ssl_admin() ) )
189	$scheme = 'https';
190	+ elseif ( ('admin' == $scheme) && force_ssl_admin() )
191	+ $scheme = 'https';
192	else
193	$scheme = ( is_ssl() ? 'https' : 'http' );
194	}
195	@@ -797,7 +799,7 @@
196	function admin_url($path = '') {
197	global $_wp_admin_url;
198
199	- $url = site_url('wp-admin/', 'forceable');
200	+ $url = site_url('wp-admin/', 'admin');
201
202	if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
203	$url .= ltrim($path, '/');
204	Index: wp-includes/general-template.php
205	===================================================================
206	--- wp-includes/general-template.php (revision 8065)
207	+++ wp-includes/general-template.php (working copy)
208	@@ -33,9 +33,9 @@
209
210	function wp_loginout() {
211	if ( ! is_user_logged_in() )
212	- $link = '<a href="' . site_url('wp-login.php', 'forceable') . '">' . __('Log in') . '</a>';
213	+ $link = '<a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a>';
214	else
215	- $link = '<a href="' . site_url('wp-login.php?action=logout', 'forceable') . '">' . __('Log out') . '</a>';
216	+ $link = '<a href="' . site_url('wp-login.php?action=logout', 'login') . '">' . __('Log out') . '</a>';
217
218	echo apply_filters('loginout', $link);
219	}
220	@@ -45,7 +45,7 @@
221
222	if ( ! is_user_logged_in() ) {
223	if ( get_option('users_can_register') )
224	- $link = $before . '<a href="' . site_url('wp-login.php?action=register', 'forceable') . '">' . __('Register') . '</a>' . $after;
225	+ $link = $before . '<a href="' . site_url('wp-login.php?action=register', 'login') . '">' . __('Register') . '</a>' . $after;
226	else
227	$link = '';
228	} else {
229	Index: wp-includes/pluggable.php
230	===================================================================
231	--- wp-includes/pluggable.php (revision 8065)
232	+++ wp-includes/pluggable.php (working copy)
233	@@ -100,8 +100,10 @@
234	return;
235
236	if ( ! $user = wp_validate_auth_cookie() ) {
237	- wp_set_current_user(0);
238	- return false;
239	+ if ( empty($_COOKIE[LOGGED_IN_COOKIE]) \|\| !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
240	+ wp_set_current_user(0);
241	+ return false;
242	+ }
243	}
244
245	wp_set_current_user($user);
246	@@ -465,14 +467,18 @@
247	* @since 2.5
248	*
249	* @param string $cookie Optional. If used, will validate contents instead of cookie's
250	+ * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
251	* @return bool\|int False if invalid cookie, User ID if valid.
252	*/
253	-function wp_validate_auth_cookie($cookie = '') {
254	+function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') {
255	if ( empty($cookie) ) {
256	- if ( is_ssl() )
257	+ if ( is_ssl() ) {
258	$cookie_name = SECURE_AUTH_COOKIE;
259	- else
260	+ $scheme = 'secure_auth';
261	+ } else {
262	$cookie_name = AUTH_COOKIE;
263	+ $scheme = 'auth';
264	+ }
265
266	if ( empty($_COOKIE[$cookie_name]) )
267	return false;
268	@@ -495,7 +501,7 @@
269	if ( $expired < time() )
270	return false;
271
272	- $key = wp_hash($username . '\|' . $expiration);
273	+ $key = wp_hash($username . '\|' . $expiration, $scheme);
274	$hash = hash_hmac('md5', $username . '\|' . $expiration, $key);
275
276	if ( $hmac != $hash )
277	@@ -519,18 +525,18 @@
278	*
279	* @param int $user_id User ID
280	* @param int $expiration Cookie expiration in seconds
281	- * @param bool $secure Whether the cookie is for https delivery only or not. Not used by default. For plugin use.
282	+ * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
283	* @return string Authentication cookie contents
284	*/
285	-function wp_generate_auth_cookie($user_id, $expiration, $secure = false) {
286	+function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') {
287	$user = get_userdata($user_id);
288
289	- $key = wp_hash($user->user_login . '\|' . $expiration);
290	+ $key = wp_hash($user->user_login . '\|' . $expiration, $scheme);
291	$hash = hash_hmac('md5', $user->user_login . '\|' . $expiration, $key);
292
293	$cookie = $user->user_login . '\|' . $expiration . '\|' . $hash;
294
295	- return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $secure);
296	+ return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme);
297	}
298	endif;
299
300	@@ -548,7 +554,7 @@
301	* @param int $user_id User ID
302	* @param bool $remember Whether to remember the user or not
303	*/
304	-function wp_set_auth_cookie($user_id, $remember = false) {
305	+function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
306	if ( $remember ) {
307	$expiration = $expire = time() + 1209600;
308	} else {
309	@@ -556,21 +562,29 @@
310	$expire = 0;
311	}
312
313	- if ( is_ssl() ) {
314	- $secure = true;
315	- $cookie_name = SECURE_AUTH_COOKIE;
316	+ if ( '' === $secure )
317	+ $secure = is_ssl() ? true : false;
318	+
319	+ if ( $secure ) {
320	+ $auth_cookie_name = SECURE_AUTH_COOKIE;
321	+ $scheme = 'secure_auth';
322	} else {
323	- $secure = false;
324	- $cookie_name = AUTH_COOKIE;
325	+ $auth_cookie_name = AUTH_COOKIE;
326	+ $scheme = 'auth';
327	}
328
329	- $cookie = wp_generate_auth_cookie($user_id, $expiration, $secure);
330	+ $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
331	+ $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
332
333	- do_action('set_auth_cookie', $cookie, $expire, $secure);
334	+ do_action('set_auth_cookie', $auth_cookie, $expire, $scheme);
335	+ do_action('set_auth_cookie', $logged_in_cookie, $expire, 'logged_in');
336
337	- setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
338	- if ( COOKIEPATH != SITECOOKIEPATH )
339	- setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
340	+ setcookie($auth_cookie_name, $auth_cookie, $expire, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure);
341	+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
342	+ if ( COOKIEPATH != SITECOOKIEPATH ) {
343	+ setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure);
344	+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
345	+ }
346	}
347	endif;
348
349	@@ -581,10 +595,12 @@
350	* @since 2.5
351	*/
352	function wp_clear_auth_cookie() {
353	- setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
354	- setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
355	- setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
356	- setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
357	+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
358	+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
359	+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
360	+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
361	+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
362	+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
363
364	// Old cookies
365	setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
366	@@ -621,7 +637,7 @@
367	function auth_redirect() {
368	// Checks if a user is logged in, if not redirects them to the login page
369
370	- if ( is_ssl() \|\| (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )
371	+ if ( is_ssl() \|\| force_ssl_admin() )
372	$secure = true;
373	else
374	$secure = false;
375	@@ -643,8 +659,13 @@
376	// The cookie is no good so force login
377	nocache_headers();
378
379	- $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']), 'forceable' );
380	+ if ( is_ssl() )
381	+ $proto = 'https://';
382	+ else
383	+ $proto = 'http://';
384
385	+ $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']), 'login' );
386	+
387	wp_redirect($login_url);
388	exit();
389	}
390	@@ -971,7 +992,7 @@
391
392	$message = sprintf(__('Username: %s'), $user_login) . "\r\n";
393	$message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n";
394	- $message .= site_url("wp-login.php", 'forceable') . "\r\n";
395	+ $message .= site_url("wp-login.php", 'login') . "\r\n";
396
397	wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_option('blogname')), $message);
398
399	@@ -1078,23 +1099,56 @@
400	*
401	* @return string Salt value from either 'SECRET_KEY' or 'secret' option
402	*/
403	-function wp_salt() {
404	+function wp_salt($scheme = 'auth') {
405	global $wp_default_secret_key;
406	$secret_key = '';
407	if ( defined('SECRET_KEY') && ('' != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) )
408	$secret_key = SECRET_KEY;
409
410	- if ( defined('SECRET_SALT') ) {
411	- $salt = SECRET_SALT;
412	- } else {
413	- $salt = get_option('secret');
414	- if ( empty($salt) ) {
415	- $salt = wp_generate_password();
416	- update_option('secret', $salt);
417	+ if ( 'auth' == $scheme ) {
418	+ if ( defined('AUTH_KEY') && ('' != AUTH_KEY) && ( $wp_default_secret_key != AUTH_KEY) )
419	+ $secret_key = AUTH_KEY;
420	+
421	+ if ( defined('AUTH_SALT') ) {
422	+ $salt = AUTH_SALT;
423	+ } elseif ( defined('SECRET_SALT') ) {
424	+ $salt = SECRET_SALT;
425	+ } else {
426	+ $salt = get_option('auth_salt');
427	+ if ( empty($salt) ) {
428	+ $salt = wp_generate_password();
429	+ update_option('auth_salt', $salt);
430	+ }
431	}
432	+ } elseif ( 'secure_auth' == $scheme ) {
433	+ if ( defined('SECURE_AUTH_KEY') && ('' != SECURE_AUTH_KEY) && ( $wp_default_secret_key != SECURE_AUTH_KEY) )
434	+ $secret_key = SECURE_AUTH_KEY;
435	+
436	+ if ( defined('SECURE_AUTH_SALT') ) {
437	+ $salt = SECRET_AUTH_SALT;
438	+ } else {
439	+ $salt = get_option('secure_auth_salt');
440	+ if ( empty($salt) ) {
441	+ $salt = wp_generate_password();
442	+ update_option('secure_auth_salt', $salt);
443	+ }
444	+ }
445	+ } elseif ( 'logged_in' == $scheme ) {
446	+ if ( defined('LOGGED_IN_KEY') && ('' != LOGGED_IN_KEY) && ( $wp_default_secret_key != LOGGED_IN_KEY) )
447	+ $secret_key = LOGGED_IN_KEY;
448	+
449	+ if ( defined('LOGGED_IN_SALT') ) {
450	+ $salt = LOGGED_IN_SALT;
451	+ } else {
452	+ $salt = get_option('logged_in_salt');
453	+ if ( empty($salt) ) {
454	+ $salt = wp_generate_password();
455	+ update_option('logged_in_salt', $salt);
456	+ }
457	+ }
458	}
459
460	- return apply_filters('salt', $secret_key . $salt);
461	+ return apply_filters('salt', $secret_key . $salt, $scheme);
462	}
463	endif;
464
465	@@ -1108,8 +1162,8 @@
466	* @param string $data Plain text to hash
467	* @return string Hash of $data
468	*/
469	-function wp_hash($data) {
470	- $salt = wp_salt();
471	+function wp_hash($data, $scheme = 'auth') {
472	+ $salt = wp_salt($scheme);
473
474	return hash_hmac('md5', $data, $salt);
475	}
476	Index: wp-settings.php
477	===================================================================
478	--- wp-settings.php (revision 8068)
479	+++ wp-settings.php (working copy)
480	@@ -334,6 +334,13 @@
481
482	/**
483	* It is possible to define this in wp-config.php
484	+ * @since 2.6
485	+ */
486	+if ( !defined('LOGGED_IN_COOKIE') )
487	+ define('LOGGED_IN_COOKIE', 'wordpress_logged_in_' . COOKIEHASH);
488	+
489	+/**
490	+ * It is possible to define this in wp-config.php
491	* @since 2.3.0
492	*/
493	if ( !defined('TEST_COOKIE') )
494	@@ -359,9 +366,25 @@
495	*/
496	if ( !defined('COOKIE_DOMAIN') )
497	define('COOKIE_DOMAIN', false);
498	-
499	+
500	/**
501	* It is possible to define this in wp-config.php
502	+ * @since 2.6
503	+ */
504	+if ( !defined('FORCE_SSL_ADMIN') )
505	+ define('FORCE_SSL_ADMIN', false);
506	+force_ssl_admin(FORCE_SSL_ADMIN);
507	+
508	+/**
509	+ * It is possible to define this in wp-config.php
510	+ * @since 2.6
511	+ */
512	+if ( !defined('FORCE_SSL_LOGIN') )
513	+ define('FORCE_SSL_LOGIN', false);
514	+force_ssl_login(FORCE_SSL_LOGIN);
515	+
516	+/**
517	+ * It is possible to define this in wp-config.php
518	* @since 2.5.0
519	*/
520	if ( !defined( 'AUTOSAVE_INTERVAL' ) )
521	Index: wp-admin/admin-header.php
522	===================================================================
523	--- wp-admin/admin-header.php (revision 8065)
524	+++ wp-admin/admin-header.php (working copy)
525	@@ -111,7 +111,7 @@
526
527	<?php } ?>
528
529	-<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> \| <a href="<?php echo site_url('wp-login.php?action=logout') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> \| <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> \| <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> \| <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
530	+<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> \| <a href="<?php echo site_url('wp-login.php?action=logout', 'login') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> \| <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> \| <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> \| <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
531
532	<?php
533	require(ABSPATH . 'wp-admin/menu-header.php');

Download in other formats:

Original Format