WordPress.org

Make WordPress Core

Ticket #16483: 16483.diff

File 16483.diff, 2.6 KB (added by solarissmoke, 7 years ago)

Make passwords post-specific

  • wp-pass.php

     
    1111
    1212if ( get_magic_quotes_gpc() )
    1313        $_POST['post_password'] = stripslashes($_POST['post_password']);
     14       
     15$postid = (int) $_POST['post_ID'];
    1416
    1517// 10 days
    16 setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
     18setcookie("wp-postpass_{$postid}_" . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
    1719
    1820wp_safe_redirect(wp_get_referer());
    1921exit;
  • wp-includes/post-template.php

     
    554554        if ( empty($post->post_password) )
    555555                return false;
    556556
    557         if ( !isset($_COOKIE['wp-postpass_' . COOKIEHASH]) )
     557        if ( !isset($_COOKIE["wp-postpass_{$post->ID}_" . COOKIEHASH]) )
    558558                return true;
    559559
    560         if ( $_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password )
     560        if ( $_COOKIE["wp-postpass_{$post->ID}_" . COOKIEHASH] != $post->post_password )
    561561                return true;
    562562
    563563        return false;
     
    12041204 * @since 1.0.0
    12051205 * @uses apply_filters() Calls 'the_password_form' filter on output.
    12061206 *
     1207 * @param int|object $post An optional post.  Global $post used if not provided.
    12071208 * @return string HTML content for password form for password protected post.
    12081209 */
    1209 function get_the_password_form() {
    1210         global $post;
    1211         $label = 'pwbox-'.(empty($post->ID) ? rand() : $post->ID);
    1212         $output = '<form action="' . get_option('siteurl') . '/wp-pass.php" method="post">
    1213         <p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
    1214         <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p>
    1215         </form>
    1216         ';
     1210function get_the_password_form( $post = null ) {
     1211        $post = get_post( $post );
     1212
     1213        $label = 'pwbox-' . $post->ID;
     1214        $output = '<form action="' . get_option('siteurl') . '/wp-pass.php" method="post">';
     1215        $output .=      '<p>' . __('This post is password protected. To view it please enter your password below:') . '</p>';
     1216        $output .= "<p><label for='$label'>" . __('Password:') . " <input name='post_password' id='$label' type='password' size='20' /></label> <input type='hidden' name='post_ID' value='$post->ID' /> <input type='submit' name='Submit' value='" . esc_attr__('Submit') . "' /></p>";
     1217        $output .= '</form>';
     1218       
    12171219        return apply_filters('the_password_form', $output);
    12181220}
    12191221