WordPress.org

Make WordPress Core

Ticket #5365: 5365.diff

File 5365.diff, 1.3 KB (added by xknown, 8 years ago)

Check if REQUEST_METHOD is POST

  • wp-login.php

     
    295295        else 
    296296                $redirect_to = $_REQUEST['redirect_to']; 
    297297 
    298         if ( $_POST ) { 
     298        $http_post = ('POST' == $_SERVER['REQUEST_METHOD']); 
     299        if ( $http_post ) { 
    299300                $user_login = $_POST['log']; 
    300301                $user_login = sanitize_user( $user_login ); 
    301302                $user_pass  = $_POST['pwd']; 
     
    312313        do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass)); 
    313314 
    314315        // If cookies are disabled we can't log in even with a valid user+pass 
    315         if ( $_POST && empty($_COOKIE[TEST_COOKIE]) ) 
     316        if ( $http_post && empty($_COOKIE[TEST_COOKIE]) ) 
    316317                $errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.'); 
    317318 
    318319        if ( $user_login && $user_pass && empty( $errors ) ) { 
     
    334335                } 
    335336        } 
    336337 
    337         if ( $_POST && empty( $user_login ) ) 
     338        if ( $http_post && empty( $user_login ) ) 
    338339                $errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.'); 
    339         if ( $_POST && empty( $user_pass ) ) 
     340        if ( $http_post && empty( $user_pass ) ) 
    340341                $errors['user_pass'] = __('<strong>ERROR</strong>: The password field is empty.'); 
    341342 
    342343        // Some parts of this script use the main login form to display a message