WordPress.org

Make WordPress Core

Ticket #16483: 16483.diff

File 16483.diff, 2.6 KB (added by solarissmoke, 3 years ago)

Make passwords post-specific

  • wp-pass.php

     
    1111 
    1212if ( get_magic_quotes_gpc() ) 
    1313        $_POST['post_password'] = stripslashes($_POST['post_password']); 
     14         
     15$postid = (int) $_POST['post_ID']; 
    1416 
    1517// 10 days 
    16 setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH); 
     18setcookie("wp-postpass_{$postid}_" . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH); 
    1719 
    1820wp_safe_redirect(wp_get_referer()); 
    1921exit; 
  • wp-includes/post-template.php

     
    554554        if ( empty($post->post_password) ) 
    555555                return false; 
    556556 
    557         if ( !isset($_COOKIE['wp-postpass_' . COOKIEHASH]) ) 
     557        if ( !isset($_COOKIE["wp-postpass_{$post->ID}_" . COOKIEHASH]) ) 
    558558                return true; 
    559559 
    560         if ( $_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password ) 
     560        if ( $_COOKIE["wp-postpass_{$post->ID}_" . COOKIEHASH] != $post->post_password ) 
    561561                return true; 
    562562 
    563563        return false; 
     
    12041204 * @since 1.0.0 
    12051205 * @uses apply_filters() Calls 'the_password_form' filter on output. 
    12061206 * 
     1207 * @param int|object $post An optional post.  Global $post used if not provided. 
    12071208 * @return string HTML content for password form for password protected post. 
    12081209 */ 
    1209 function get_the_password_form() { 
    1210         global $post; 
    1211         $label = 'pwbox-'.(empty($post->ID) ? rand() : $post->ID); 
    1212         $output = '<form action="' . get_option('siteurl') . '/wp-pass.php" method="post"> 
    1213         <p>' . __("This post is password protected. To view it please enter your password below:") . '</p> 
    1214         <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p> 
    1215         </form> 
    1216         '; 
     1210function get_the_password_form( $post = null ) { 
     1211        $post = get_post( $post ); 
     1212 
     1213        $label = 'pwbox-' . $post->ID; 
     1214        $output = '<form action="' . get_option('siteurl') . '/wp-pass.php" method="post">'; 
     1215        $output .=      '<p>' . __('This post is password protected. To view it please enter your password below:') . '</p>'; 
     1216        $output .= "<p><label for='$label'>" . __('Password:') . " <input name='post_password' id='$label' type='password' size='20' /></label> <input type='hidden' name='post_ID' value='$post->ID' /> <input type='submit' name='Submit' value='" . esc_attr__('Submit') . "' /></p>"; 
     1217        $output .= '</form>'; 
     1218         
    12171219        return apply_filters('the_password_form', $output); 
    12181220} 
    12191221