Ticket #19798: 19798.2.patch

File 19798.2.patch, 2.9 KB (added by SergeyBiryukov, 3 years ago)
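--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -1222,7 +1222,7 @@
 function get_the_password_form() {
         global $post;
         $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID );
-        $output = '<form action="' . site_url('wp-pass.php') . '" method="post">
+        $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
         <p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
         <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p>
         </form>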
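--- a/wp-login.php
+++ b/wp-login.php
@@ -339,7 +339,7 @@
         $action = 'resetpass';
 
 // validate action so as to default to the login screen
-if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action) )
+if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
         $action = 'login';
 
 nocache_headers();
@@ -367,6 +367,21 @@
 $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
 switch ($action) {
 
+case 'postpass' :
+        if ( empty( $wp_hasher ) ) {
+                require_once( ABSPATH . 'wp-includes/class-phpass.php' );
+                // By default, use the portable hash from phpass
+                $wp_hasher = new PasswordHash(8, true);
+        }
+
+        // 10 days
+        setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
+
+        wp_safe_redirect( wp_get_referer() );
+        exit();
+
+break;
+
 case 'logout' :
         check_admin_referer('log-out');
         wp_logout();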
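Review bot: The new `postpass` case reads `$_POST['post_password']` without checking that the request is a POST or that the field is present, so any request carrying `action=postpass` hashes an empty value and replaces the visitor's `wp-postpass_` cookie. A guard ahead of the `setcookie()` call, for example `if ( ! $http_post || ! isset( $_POST['post_password'] ) ) { wp_safe_redirect( home_url() ); exit(); }`, would close that path using the `$http_post` flag already computed above the `switch`. `wp_get_referer()` returns false when no usable referer is available, so the redirect should fall back to a known URL instead of passing that value straight to `wp_safe_redirect()`. The cookie is also set without the `httponly` argument, which seems worth adding since nothing in this hunk suggests scripts need to read it. The `switch` statement continues past the end of the hunk.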
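--- a/wp-pass.php
+++ b/wp-pass.php
@@ -1,22 +0,0 @@
-<?php
-/**
- * Creates the password cookie and redirects back to where the
- * visitor was before.
- *
- * @package WordPress
- */
-
-/** Make sure that the WordPress bootstrap has run before continuing. */
-require( dirname( __FILE__ ) . '/wp-load.php');
-
-if ( empty( $wp_hasher ) ) {
-        require_once( ABSPATH . 'wp-includes/class-phpass.php');
-        // By default, use the portable hash from phpass
-        $wp_hasher = new PasswordHash(8, true);
-}
-
-// 10 days
-setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
-
-wp_safe_redirect( wp_get_referer() );
-exit;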