Ticket #16483: 16483.3.diff

File 16483.3.diff, 2.1 KB (added by SergeyBiryukov, 5 years ago)
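--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -574,7 +574,9 @@
         if ( empty( $post->post_password ) )
                 return false;
 
-        if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
+        $name = "wp-postpass_{$post->ID}" . COOKIEHASH;
+
+        if ( ! isset( $_COOKIE[ $name ] ) || $_COOKIE[ $name ] != $post->post_password )
                 return true;
 
         if ( empty( $wp_hasher ) ) {
@@ -583,7 +585,7 @@
                 $wp_hasher = new PasswordHash(8, true);
         }
 
-        $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
+        $hash = stripslashes( $_COOKIE[ $name ] );
 
         return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
 }
@@ -1221,10 +1223,12 @@
  */
 function get_the_password_form() {
         $post = get_post();
-        $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID );
+        $id = empty( $post->ID ) ? rand() : $post->ID;
+        $label = 'pwbox-' . $id;
         $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
         <p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
         <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p>
+        <input type="hidden" name="id" value="' . $id . '" />
 </form>
         ';
         return apply_filters('the_password_form', $output);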
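Review bot: The second clause of the condition added in the first hunk, `$_COOKIE[ $name ] != $post->post_password`, compares the cookie with the plaintext post password, but the wp-login.php part of this patch stores `$wp_hasher->HashPassword( ... )` in that cookie. A stored hash will not equal the password, so the function returns true before `CheckPassword()` is reached and a visitor holding a valid cookie is still asked for the password. The guard should be only `if ( ! isset( $_COOKIE[ $name ] ) )`, leaving verification to `CheckPassword()` further down. In the third hunk the hidden `id` field falls back to `rand()` when `$post->ID` is empty, so a cookie derived from it could never match a post; emitting the field only when an ID exists, as `esc_attr( $id )`, would avoid that. The enclosing function bodies start outside the hunks.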
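--- a/wp-login.php
+++ b/wp-login.php
@@ -396,7 +396,7 @@
         }
 
         // 10 days
-        setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
+        setcookie( 'wp-postpass_' . $_POST['id'] . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
 
         wp_safe_redirect( wp_get_referer() );
         exit();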
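Review bot: `$_POST['id']` is concatenated into the cookie name on the new `setcookie()` line with no existence check and no validation. The reading side in post-template.php builds the name from the integer `$post->ID`, so the request value should be normalised to an integer first, e.g. `$id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;` and then `'wp-postpass_' . $id . COOKIEHASH`. As written, a request controls part of the name of a cookie the site emits, and a value containing characters that are not valid in a cookie name makes `setcookie()` fail with a warning instead of storing the hash. The call also passes no secure or httponly arguments; that predates this change but is worth tightening while the line is being edited. The enclosing block starts outside the hunk.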