WordPress.org

Make WordPress Core

Ticket #16483: 16483.4.diff

File 16483.4.diff, 2.9 KB (added by SergeyBiryukov, 5 years ago)
  • wp-includes/post-template.php

     
    574574        if ( empty( $post->post_password ) )
    575575                return false;
    576576
    577         if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
     577        if ( ! isset( $_COOKIE[ "wp-postpass_{$post->ID}" . COOKIEHASH ] ) )
    578578                return true;
    579579
    580580        if ( empty( $wp_hasher ) ) {
     
    583583                $wp_hasher = new PasswordHash(8, true);
    584584        }
    585585
    586         $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
     586        $hash = stripslashes( $_COOKIE[ "wp-postpass_{$post->ID}" . COOKIEHASH ] );
    587587
    588588        return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
    589589}
     
    12171217 * @since 1.0.0
    12181218 * @uses apply_filters() Calls 'the_password_form' filter on output.
    12191219 *
     1220 * @param int|object $post An optional post. Global $post used if not provided.
    12201221 * @return string HTML content for password form for password protected post.
    12211222 */
    1222 function get_the_password_form() {
    1223         $post = get_post();
    1224         $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID );
     1223function get_the_password_form( $post = null ) {
     1224        $post = get_post( $post );
     1225        $post_id = empty( $post->ID ) ? rand() : $post->ID;
     1226        $label = 'pwbox-' . $post_id;
    12251227        $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
    12261228        <p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
    12271229        <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p>
     1230        <input type="hidden" name="post_id" value="' . $post_id . '" />
    12281231</form>
    12291232        ';
    12301233        return apply_filters('the_password_form', $output);
  • wp-includes/theme-compat/comments-popup.php

     
    4545$comments = get_approved_comments($id);
    4646$post = get_post($id);
    4747if ( post_password_required($post) ) {  // and it doesn't match the cookie
    48         echo(get_the_password_form());
     48        echo get_the_password_form($post);
    4949} else { ?>
    5050
    5151<?php if ($comments) { ?>
  • wp-login.php

     
    396396        }
    397397
    398398        // 10 days
    399         setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
     399        setcookie( 'wp-postpass_' . $_POST['post_id'] . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
    400400
    401401        wp_safe_redirect( wp_get_referer() );
    402402        exit();