WordPress.org

Make WordPress Core

Ticket #42505: 42505-wp-login.diff

File 42505-wp-login.diff, 4.9 KB (added by birgire, 3 years ago)
  • src/wp-login.php

    diff --git src/wp-login.php src/wp-login.php
    index a14c2dd..a092b3e 100644
     
    1111/** Make sure that the WordPress bootstrap has run before continuing. */
    1212require( dirname( __FILE__ ) . '/wp-load.php' );
    1313
    14 // Redirect to https login if forced to use SSL
     14// Redirect to HTTPS login if forced to use SSL.
    1515if ( force_ssl_admin() && ! is_ssl() ) {
    1616        if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
    1717                wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
    if ( force_ssl_admin() && ! is_ssl() ) { 
    2525/**
    2626 * Output the login page header.
    2727 *
     28 * @since 2.1.0
     29 *
    2830 * @param string   $title    Optional. WordPress login Page title to display in the `<title>` element.
    2931 *                           Default 'Log In'.
    3032 * @param string   $message  Optional. Message to display in header. Default empty.
    function login_header( $title = 'Log In', $message = '', $wp_error = null ) { 
    8991        /*
    9092         * Remove all stored post data on logging out.
    9193         * This could be added by add_action('login_head'...) like wp_shake_js(),
    92          * but maybe better if it's not removable by plugins
     94         * but maybe better if it's not removable by plugins.
    9395         */
    9496        if ( 'loggedout' == $wp_error->get_error_code() ) {
    9597                ?>
    function login_header( $title = 'Log In', $message = '', $wp_error = null ) { 
    202204                echo $message . "\n";
    203205        }
    204206
    205         // In case a plugin uses $error rather than the $wp_errors object
     207        // In case a plugin uses $error rather than the $wp_errors object.
    206208        if ( ! empty( $error ) ) {
    207209                $wp_error->add( 'error', $error );
    208210                unset( $error );
    function login_header( $title = 'Log In', $message = '', $wp_error = null ) { 
    247249/**
    248250 * Outputs the footer for the login page.
    249251 *
    250  * @param string $input_id Which input to auto-focus
     252 * @since 3.1.0
     253 *
     254 * @param string $input_id Which input to auto-focus.
    251255 */
    252256function login_footer( $input_id = '' ) {
    253257        global $interim_login;
    function login_footer( $input_id = '' ) { 
    288292}
    289293
    290294/**
     295 * Outputs the Javascript to handle the form shaking.
     296 *
    291297 * @since 3.0.0
    292298 */
    293299function wp_shake_js() {
    addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p. 
    303309}
    304310
    305311/**
     312 * Outputs the viewport meta tag.
     313 *
    306314 * @since 3.7.0
    307315 */
    308316function wp_login_viewport_meta() {
    function wp_login_viewport_meta() { 
    314322/**
    315323 * Handles sending password retrieval email to user.
    316324 *
     325 * @since 2.5.0
     326 *
    317327 * @return bool|WP_Error True: when finish. WP_Error on error
    318328 */
    319329function retrieve_password() {
    function retrieve_password() { 
    417427}
    418428
    419429//
    420 // Main
     430// Main.
    421431//
    422432
    423433$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login';
    if ( isset( $_GET['key'] ) ) { 
    427437        $action = 'resetpass';
    428438}
    429439
    430 // validate action so as to default to the login screen
     440// Validate action so as to default to the login screen.
    431441if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'confirmaction' ), true ) && false === has_filter( 'login_form_' . $action ) ) {
    432442        $action = 'login';
    433443}
    switch ( $action ) { 
    890900                 * After firing this action hook the page will redirect to wp-login a callback
    891901                 * redirects or exits first.
    892902                 *
     903                 * @since 4.9.6
     904                 *
    893905                 * @param int $request_id Request ID.
    894906                 */
    895907                do_action( 'user_request_action_confirmed', $request_id );
    switch ( $action ) { 
    908920                        wp_enqueue_script( 'customize-base' );
    909921                }
    910922
    911                 // If the user wants ssl but the session is not ssl, force a secure cookie.
     923                // If the user wants SSL but the session is not SSL, force a secure cookie.
    912924                if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) {
    913925                        $user_name = sanitize_user( $_POST['log'] );
    914926                        $user      = get_user_by( 'login', $user_name );
    switch ( $action ) { 
    927939
    928940                if ( isset( $_REQUEST['redirect_to'] ) ) {
    929941                        $redirect_to = $_REQUEST['redirect_to'];
    930                         // Redirect to https if user wants ssl
     942                        // Redirect to HTTPS if user wants SSL.
    931943                        if ( $secure_cookie && false !== strpos( $redirect_to, 'wp-admin' ) ) {
    932944                                $redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to );
    933945                        }
    switch ( $action ) { 
    10221034                                $errors->add( 'expired', __( 'Your session has expired. Please log in to continue where you left off.' ), 'message' );
    10231035                        }
    10241036                } else {
    1025                         // Some parts of this script use the main login form to display a message
     1037                        // Some parts of this script use the main login form to display a message.
    10261038                        if ( isset( $_GET['loggedout'] ) && true == $_GET['loggedout'] ) {
    10271039                                $errors->add( 'loggedout', __( 'You are now logged out.' ), 'message' );
    10281040                        } elseif ( isset( $_GET['registration'] ) && 'disabled' == $_GET['registration'] ) {
    switch ( $action ) { 
    11721184                }
    11731185
    11741186                break;
    1175 } // end action switch
     1187} // End action switch.