
Ticket #19798: 19798.patch

File 19798.patch, 2.5 KB (added by SergeyBiryukov, 6 years ago)
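--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -1215,7 +1215,7 @@
 function get_the_password_form() {
         global $post;
         $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID );
-        $output = '<form action="' . site_url('wp-pass.php') . '" method="post">
+        $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
         <p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
         <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p>
         </form>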
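--- a/wp-login.php
+++ b/wp-login.php
@@ -339,7 +339,7 @@
         $action = 'resetpass';
 
 // validate action so as to default to the login screen
-if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action) )
+if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
         $action = 'login';
 
 nocache_headers();
@@ -367,6 +367,15 @@
 $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
 switch ($action) {
 
+case 'postpass' :
+        // 10 days
+        setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 864000, COOKIEPATH);
+
+        wp_safe_redirect( wp_get_referer() );
+        exit();
+
+break;
+
 case 'logout' :
         check_admin_referer('log-out');
         wp_logout();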
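Review bot: The `setcookie()` call in the new `postpass` case (new line 372) stores the submitted post password verbatim for ten days and passes neither the secure nor the httponly argument, so the cleartext value is readable by page script and is not restricted to HTTPS even when the form was posted through the `login_post` scheme. Passing the remaining arguments, `setcookie( 'wp-postpass_' . COOKIEHASH, $value, time() + 864000, COOKIEPATH, COOKIE_DOMAIN, $secure, true );` with `$secure` reflecting whether the referring post is served over HTTPS, narrows that exposure; storing a hash rather than the password would also need a change wherever the cookie is compared, which is not visible here. The same line reads `$_POST['post_password']` unguarded, so a request to this action without that field raises an undefined-index notice and still reaches `setcookie()` with an empty value; a guard such as `if ( ! isset( $_POST['post_password'] ) ) { wp_safe_redirect( wp_get_referer() ); exit(); }` ahead of it avoids that. The enclosing `switch` continues outside the hunk.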
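--- a/wp-pass.php
+++ b/wp-pass.php
@@ -1,16 +0,0 @@
-<?php
-/**
- * Creates the password cookie and redirects back to where the
- * visitor was before.
- *
- * @package WordPress
- */
-
-/** Make sure that the WordPress bootstrap has run before continuing. */
-require( dirname(__FILE__) . '/wp-load.php');
-
-// 10 days
-setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 864000, COOKIEPATH);
-
-wp_safe_redirect(wp_get_referer());
-exit;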