Ticket #27373: 27373.patch

src/wp-login.php

@@ -755 +755 @@
         if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
                 $secure_cookie = false;
 
-        // If cookies are disabled we can't log in even with a valid user+pass
-        if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
-                $user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
-        else
-                $user = wp_signon('', $secure_cookie);
+        $user = wp_signon( '', $secure_cookie );
 
+        if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
+                if ( headers_sent() ) {
+                        $user = new WP_Error( 'test_cookie', __( '<strong>ERROR</strong>: Could not set cookies, headers are already sent.' ) );
+                } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
+                        // If cookies are disabled we can't log in even with a valid user+pass
+                        $user = new WP_Error( 'test_cookie', __( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="http://www.google.com/cookies.html">enable cookies</a> to use WordPress.' ) );
+                }
+        }
+
         $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
         /**
          * Filter the login redirect URL.