WordPress.org

Make WordPress Core

Ticket #16483: 16483.8.diff

File 16483.8.diff, 2.8 KB (added by voldemortensen, 3 years ago)
  • src/wp-includes/post-template.php

     
    788788                return apply_filters( 'post_password_required', false, $post );
    789789        }
    790790
    791         if ( ! isset( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) ) {
     791        $cookie = "wp-postpass_{$post->ID}_" . COOKIEHASH;
     792
     793        /**
     794         * Filters the name of the cookie checked for password protected posts.
     795         *
     796         * @since 4.7.0
     797         *
     798         * @param string $cookie Default cookie name.
     799         */
     800        $cookie = apply_filters( 'post_password_cookie', $cookie );
     801
     802        if ( ! isset( $_COOKIE[$cookie] ) ) {
    792803                /** This filter is documented in wp-includes/post.php */
    793804                return apply_filters( 'post_password_required', true, $post );
    794805        }
     
    795806
    796807        $hasher = new PasswordHash( 8, true );
    797808
    798         $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
     809        $hash = wp_unslash( $_COOKIE[$cookie] );
     810
    799811        if ( 0 !== strpos( $hash, '$P$B' ) ) {
    800812                $required = true;
    801813        } else {
     
    15961608 */
    15971609function get_the_password_form( $post = 0 ) {
    15981610        $post = get_post( $post );
    1599         $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID );
     1611        $post_id = empty( $post->ID ) ? rand() : $post->ID;
     1612        $label = 'pwbox-' . $post_id;
    16001613        $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" class="post-password-form" method="post">
    16011614        <p>' . __( 'This content is password protected. To view it please enter your password below:' ) . '</p>
    1602         <p><label for="' . $label . '">' . __( 'Password:' ) . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr_x( 'Enter', 'post password form' ) . '" /></p></form>
     1615        <p><label for="' . $label . '">' . __( 'Password:' ) . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="hidden" name="post_id" value="' . $post_id . '" /> <input type="submit" name="Submit" value="' . esc_attr_x( 'Enter', 'post password form' ) . '" /></p></form>
    16031616        ';
    16041617
    16051618        /**
  • src/wp-login.php

     
    454454        } else {
    455455                $secure = false;
    456456        }
    457         setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
     457       
     458        /** This filter is documented in wp-includes/post-template.php */
     459        $cookie = apply_filters( 'post_password_cookie', "wp-postpass_{$_POST['post_id']}_" . COOKIEHASH );
     460        setcookie( $cookie, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
    458461
    459462        wp_safe_redirect( wp_get_referer() );
    460463        exit();