Ticket #16483: 16483.8.diff
File 16483.8.diff, 2.8 KB (added by , 8 years ago) |
---|
-
src/wp-includes/post-template.php
788 788 return apply_filters( 'post_password_required', false, $post ); 789 789 } 790 790 791 if ( ! isset( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) ) { 791 $cookie = "wp-postpass_{$post->ID}_" . COOKIEHASH; 792 793 /** 794 * Filters the name of the cookie checked for password protected posts. 795 * 796 * @since 4.7.0 797 * 798 * @param string $cookie Default cookie name. 799 */ 800 $cookie = apply_filters( 'post_password_cookie', $cookie ); 801 802 if ( ! isset( $_COOKIE[$cookie] ) ) { 792 803 /** This filter is documented in wp-includes/post.php */ 793 804 return apply_filters( 'post_password_required', true, $post ); 794 805 } … … 795 806 796 807 $hasher = new PasswordHash( 8, true ); 797 808 798 $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ); 809 $hash = wp_unslash( $_COOKIE[$cookie] ); 810 799 811 if ( 0 !== strpos( $hash, '$P$B' ) ) { 800 812 $required = true; 801 813 } else { … … 1596 1608 */ 1597 1609 function get_the_password_form( $post = 0 ) { 1598 1610 $post = get_post( $post ); 1599 $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID ); 1611 $post_id = empty( $post->ID ) ? rand() : $post->ID; 1612 $label = 'pwbox-' . $post_id; 1600 1613 $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" class="post-password-form" method="post"> 1601 1614 <p>' . __( 'This content is password protected. To view it please enter your password below:' ) . '</p> 1602 <p><label for="' . $label . '">' . __( 'Password:' ) . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type=" submit" name="Submit" value="' . esc_attr_x( 'Enter', 'post password form' ) . '" /></p></form>1615 <p><label for="' . $label . '">' . __( 'Password:' ) . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="hidden" name="post_id" value="' . $post_id . '" /> <input type="submit" name="Submit" value="' . esc_attr_x( 'Enter', 'post password form' ) . '" /></p></form> 1603 1616 '; 1604 1617 1605 1618 /** -
src/wp-login.php
454 454 } else { 455 455 $secure = false; 456 456 } 457 setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure ); 457 458 /** This filter is documented in wp-includes/post-template.php */ 459 $cookie = apply_filters( 'post_password_cookie', "wp-postpass_{$_POST['post_id']}_" . COOKIEHASH ); 460 setcookie( $cookie, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure ); 458 461 459 462 wp_safe_redirect( wp_get_referer() ); 460 463 exit();