Ticket #16483: 16483.5.diff
File 16483.5.diff, 2.9 KB (added by , 12 years ago) |
---|
-
wp-includes/post-template.php
574 574 if ( empty( $post->post_password ) ) 575 575 return false; 576 576 577 if ( ! isset( $_COOKIE[ 'wp-postpass_' . COOKIEHASH] ) )577 if ( ! isset( $_COOKIE[ "wp-postpass_{$post->ID}_" . COOKIEHASH ] ) ) 578 578 return true; 579 579 580 580 if ( empty( $wp_hasher ) ) { … … 583 583 $wp_hasher = new PasswordHash(8, true); 584 584 } 585 585 586 $hash = stripslashes( $_COOKIE[ 'wp-postpass_'. COOKIEHASH ] );586 $hash = stripslashes( $_COOKIE[ "wp-postpass_{$post->ID}_" . COOKIEHASH ] ); 587 587 588 588 return ! $wp_hasher->CheckPassword( $post->post_password, $hash ); 589 589 } … … 1217 1217 * @since 1.0.0 1218 1218 * @uses apply_filters() Calls 'the_password_form' filter on output. 1219 1219 * 1220 * @param int|object $post An optional post. Global $post used if not provided. 1220 1221 * @return string HTML content for password form for password protected post. 1221 1222 */ 1222 function get_the_password_form() { 1223 $post = get_post(); 1224 $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID ); 1223 function get_the_password_form( $post = null ) { 1224 $post = get_post( $post ); 1225 $post_id = empty( $post->ID ) ? rand() : $post->ID; 1226 $label = 'pwbox-' . $post_id; 1225 1227 $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post"> 1226 1228 <p>' . __("This post is password protected. To view it please enter your password below:") . '</p> 1227 1229 <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p> 1230 <input type="hidden" name="post_id" value="' . $post_id . '" /> 1228 1231 </form> 1229 1232 '; 1230 1233 return apply_filters('the_password_form', $output); -
wp-includes/theme-compat/comments-popup.php
45 45 $comments = get_approved_comments($id); 46 46 $post = get_post($id); 47 47 if ( post_password_required($post) ) { // and it doesn't match the cookie 48 echo (get_the_password_form());48 echo get_the_password_form($post); 49 49 } else { ?> 50 50 51 51 <?php if ($comments) { ?> -
wp-login.php
399 399 } 400 400 401 401 // 10 days 402 setcookie( 'wp-postpass_'. COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );402 setcookie( "wp-postpass_{$_POST['post_id']}_" . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); 403 403 404 404 wp_safe_redirect( wp_get_referer() ); 405 405 exit();