Ticket #16483: 16483.3.diff
File 16483.3.diff, 2.1 KB (added by , 12 years ago) |
---|
-
wp-includes/post-template.php
574 574 if ( empty( $post->post_password ) ) 575 575 return false; 576 576 577 if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) ) 577 $name = "wp-postpass_{$post->ID}" . COOKIEHASH; 578 579 if ( ! isset( $_COOKIE[ $name ] ) || $_COOKIE[ $name ] != $post->post_password ) 578 580 return true; 579 581 580 582 if ( empty( $wp_hasher ) ) { … … 583 585 $wp_hasher = new PasswordHash(8, true); 584 586 } 585 587 586 $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH] );588 $hash = stripslashes( $_COOKIE[ $name ] ); 587 589 588 590 return ! $wp_hasher->CheckPassword( $post->post_password, $hash ); 589 591 } … … 1221 1223 */ 1222 1224 function get_the_password_form() { 1223 1225 $post = get_post(); 1224 $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID ); 1226 $id = empty( $post->ID ) ? rand() : $post->ID; 1227 $label = 'pwbox-' . $id; 1225 1228 $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post"> 1226 1229 <p>' . __("This post is password protected. To view it please enter your password below:") . '</p> 1227 1230 <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p> 1231 <input type="hidden" name="id" value="' . $id . '" /> 1228 1232 </form> 1229 1233 '; 1230 1234 return apply_filters('the_password_form', $output); -
wp-login.php
396 396 } 397 397 398 398 // 10 days 399 setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );399 setcookie( 'wp-postpass_' . $_POST['id'] . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); 400 400 401 401 wp_safe_redirect( wp_get_referer() ); 402 402 exit();