WordPress.org

Make WordPress Core

Ticket #16483: 16483.6.diff

File 16483.6.diff, 2.4 KB (added by voldemortensen, 3 years ago)
  • src/wp-includes/post-template.php

     
    782782        if ( empty( $post->post_password ) )
    783783                return false;
    784784
    785         if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
     785        if ( ! isset( $_COOKIE["wp-postpass_{$post->ID}_" . COOKIEHASH] ) )
    786786                return true;
    787787
    788788        require_once ABSPATH . WPINC . '/class-phpass.php';
    789789        $hasher = new PasswordHash( 8, true );
    790790
    791         $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
     791        $hash = wp_unslash( $_COOKIE[ "wp-postpass_{$post->ID}_" . COOKIEHASH ] );
    792792        if ( 0 !== strpos( $hash, '$P$B' ) )
    793793                return true;
    794794
     
    15401540 */
    15411541function get_the_password_form( $post = 0 ) {
    15421542        $post = get_post( $post );
    1543         $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID );
     1543        $post_id = empty( $post->ID ) ? rand() : $post->ID;
     1544        $label = 'pwbox-' . $post_id;
    15441545        $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" class="post-password-form" method="post">
    15451546        <p>' . __( 'This content is password protected. To view it please enter your password below:' ) . '</p>
    1546         <p><label for="' . $label . '">' . __( 'Password:' ) . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr_x( 'Enter', 'post password form' ) . '" /></p></form>
     1547        <p><label for="' . $label . '">' . __( 'Password:' ) . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="hidden" name="post_id" value="' . $post_id . '" /> <input type="submit" name="Submit" value="' . esc_attr_x( 'Enter', 'post password form' ) . '" /></p></form>
    15471548        ';
    15481549
    15491550        /**
  • src/wp-login.php

     
    464464        } else {
    465465                $secure = false;
    466466        }
    467         setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
     467        setcookie( "wp-postpass_{$_POST['post_id']}_" . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
    468468
    469469        wp_safe_redirect( wp_get_referer() );
    470470        exit();