Ticket #16483: 16483.3.diff

File 16483.3.diff, 2.1 KB (added by SergeyBiryukov, 3 years ago)
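--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -574,7 +574,9 @@
         if ( empty( $post->post_password ) )
                 return false;
 
-        if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
+        $name = "wp-postpass_{$post->ID}" . COOKIEHASH;
+
+        if ( ! isset( $_COOKIE[ $name ] ) || $_COOKIE[ $name ] != $post->post_password )
                 return true;
 
         if ( empty( $wp_hasher ) ) {
@@ -583,7 +585,7 @@
                 $wp_hasher = new PasswordHash(8, true);
         }
 
-        $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
+        $hash = stripslashes( $_COOKIE[ $name ] );
 
         return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
 }
@@ -1221,10 +1223,12 @@
   */
 function get_the_password_form() {
         $post = get_post();
-        $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID );
+        $id = empty( $post->ID ) ? rand() : $post->ID;
+        $label = 'pwbox-' . $id;
         $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
         <p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
         <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p>
+        <input type="hidden" name="id" value="' . $id . '" />
 </form>
         ';
         return apply_filters('the_password_form', $output);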
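Review bot: The added condition `$_COOKIE[ $name ] != $post->post_password` in the first hunk compares the cookie with the plaintext post password, but the cookie written in wp-login.php holds the output of `$wp_hasher->HashPassword(...)`, so the test is true for every legitimately issued cookie and the function returns true before `CheckPassword()` is reached. The guard should stay presence-only, `if ( ! isset( $_COOKIE[ $name ] ) ) return true;`, leaving verification to the `CheckPassword()` call at the end of the function. The function starts above the hunk, so this is judged from the visible lines only. Separately, in `get_the_password_form()` the `rand()` fallback for `$id` now also reaches the hidden `id` field and therefore the cookie name, producing a cookie that no post will ever read; consider omitting the field when there is no post ID.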
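--- a/wp-login.php
+++ b/wp-login.php
@@ -396,7 +396,7 @@
         }
 
         // 10 days
-        setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
+        setcookie( 'wp-postpass_' . $_POST['id'] . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
 
         wp_safe_redirect( wp_get_referer() );
         exit();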
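Review bot: `$_POST['id']` is concatenated into the cookie name on the new `setcookie()` line with no `isset()` check and no integer cast, so a request can place arbitrary text between `wp-postpass_` and `COOKIEHASH`, and characters that are not valid in a cookie name make `setcookie()` fail with a warning. The reading side builds the name from `$post->ID`, so normalise the value first, e.g. `$post_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;`, and use `$post_id` in the name. One cookie per unlocked post with a 10-day lifetime also lets the request Cookie header grow without bound, which is worth a comment or a cap. The enclosing block starts above the hunk.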