Ticket #16483: 16483.6.diff
File 16483.6.diff, 2.4 KB (added by , 8 years ago) |
---|
-
src/wp-includes/post-template.php
782 782 if ( empty( $post->post_password ) ) 783 783 return false; 784 784 785 if ( ! isset( $_COOKIE[ 'wp-postpass_'. COOKIEHASH] ) )785 if ( ! isset( $_COOKIE["wp-postpass_{$post->ID}_" . COOKIEHASH] ) ) 786 786 return true; 787 787 788 788 require_once ABSPATH . WPINC . '/class-phpass.php'; 789 789 $hasher = new PasswordHash( 8, true ); 790 790 791 $hash = wp_unslash( $_COOKIE[ 'wp-postpass_'. COOKIEHASH ] );791 $hash = wp_unslash( $_COOKIE[ "wp-postpass_{$post->ID}_" . COOKIEHASH ] ); 792 792 if ( 0 !== strpos( $hash, '$P$B' ) ) 793 793 return true; 794 794 … … 1540 1540 */ 1541 1541 function get_the_password_form( $post = 0 ) { 1542 1542 $post = get_post( $post ); 1543 $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID ); 1543 $post_id = empty( $post->ID ) ? rand() : $post->ID; 1544 $label = 'pwbox-' . $post_id; 1544 1545 $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" class="post-password-form" method="post"> 1545 1546 <p>' . __( 'This content is password protected. To view it please enter your password below:' ) . '</p> 1546 <p><label for="' . $label . '">' . __( 'Password:' ) . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type=" submit" name="Submit" value="' . esc_attr_x( 'Enter', 'post password form' ) . '" /></p></form>1547 <p><label for="' . $label . '">' . __( 'Password:' ) . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="hidden" name="post_id" value="' . $post_id . '" /> <input type="submit" name="Submit" value="' . esc_attr_x( 'Enter', 'post password form' ) . '" /></p></form> 1547 1548 '; 1548 1549 1549 1550 /** -
src/wp-login.php
464 464 } else { 465 465 $secure = false; 466 466 } 467 setcookie( 'wp-postpass_'. COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );467 setcookie( "wp-postpass_{$_POST['post_id']}_" . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure ); 468 468 469 469 wp_safe_redirect( wp_get_referer() ); 470 470 exit();