WordPress.org

Make WordPress Core

Ticket #16483: 16483.4.diff

File 16483.4.diff, 2.9 KB (added by SergeyBiryukov, 15 months ago)
  • wp-includes/post-template.php

     
    574574        if ( empty( $post->post_password ) ) 
    575575                return false; 
    576576 
    577         if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) ) 
     577        if ( ! isset( $_COOKIE[ "wp-postpass_{$post->ID}" . COOKIEHASH ] ) ) 
    578578                return true; 
    579579 
    580580        if ( empty( $wp_hasher ) ) { 
     
    583583                $wp_hasher = new PasswordHash(8, true); 
    584584        } 
    585585 
    586         $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ); 
     586        $hash = stripslashes( $_COOKIE[ "wp-postpass_{$post->ID}" . COOKIEHASH ] ); 
    587587 
    588588        return ! $wp_hasher->CheckPassword( $post->post_password, $hash ); 
    589589} 
     
    12171217 * @since 1.0.0 
    12181218 * @uses apply_filters() Calls 'the_password_form' filter on output. 
    12191219 * 
     1220 * @param int|object $post An optional post. Global $post used if not provided. 
    12201221 * @return string HTML content for password form for password protected post. 
    12211222 */ 
    1222 function get_the_password_form() { 
    1223         $post = get_post(); 
    1224         $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID ); 
     1223function get_the_password_form( $post = null ) { 
     1224        $post = get_post( $post ); 
     1225        $post_id = empty( $post->ID ) ? rand() : $post->ID; 
     1226        $label = 'pwbox-' . $post_id; 
    12251227        $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post"> 
    12261228        <p>' . __("This post is password protected. To view it please enter your password below:") . '</p> 
    12271229        <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p> 
     1230        <input type="hidden" name="post_id" value="' . $post_id . '" /> 
    12281231</form> 
    12291232        '; 
    12301233        return apply_filters('the_password_form', $output); 
  • wp-includes/theme-compat/comments-popup.php

     
    4545$comments = get_approved_comments($id); 
    4646$post = get_post($id); 
    4747if ( post_password_required($post) ) {  // and it doesn't match the cookie 
    48         echo(get_the_password_form()); 
     48        echo get_the_password_form($post); 
    4949} else { ?> 
    5050 
    5151<?php if ($comments) { ?> 
  • wp-login.php

     
    396396        } 
    397397 
    398398        // 10 days 
    399         setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); 
     399        setcookie( 'wp-postpass_' . $_POST['post_id'] . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); 
    400400 
    401401        wp_safe_redirect( wp_get_referer() ); 
    402402        exit();