WordPress.org

Make WordPress Core

Ticket #5365: 5365.diff

File 5365.diff, 1.3 KB (added by xknown, 11 years ago)

Check if REQUEST_METHOD is POST

  • wp-login.php

     
    295295        else
    296296                $redirect_to = $_REQUEST['redirect_to'];
    297297
    298         if ( $_POST ) {
     298        $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
     299        if ( $http_post ) {
    299300                $user_login = $_POST['log'];
    300301                $user_login = sanitize_user( $user_login );
    301302                $user_pass  = $_POST['pwd'];
     
    312313        do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass));
    313314
    314315        // If cookies are disabled we can't log in even with a valid user+pass
    315         if ( $_POST && empty($_COOKIE[TEST_COOKIE]) )
     316        if ( $http_post && empty($_COOKIE[TEST_COOKIE]) )
    316317                $errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.');
    317318
    318319        if ( $user_login && $user_pass && empty( $errors ) ) {
     
    334335                }
    335336        }
    336337
    337         if ( $_POST && empty( $user_login ) )
     338        if ( $http_post && empty( $user_login ) )
    338339                $errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.');
    339         if ( $_POST && empty( $user_pass ) )
     340        if ( $http_post && empty( $user_pass ) )
    340341                $errors['user_pass'] = __('<strong>ERROR</strong>: The password field is empty.');
    341342
    342343        // Some parts of this script use the main login form to display a message