Ticket #9207: 9207.patch

File 9207.patch, 2.8 KB (added by hakre, 8 years ago)
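--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -3164,23 +3164,24 @@
 }
 
 /**
- * Whether to force SSL used for the Administration Panels.
+ * Wether or not to force SSL used for the Admin.
+ *
+ * Statefull automata with two states: true and false.
  *
  * @since 2.6.0
  *
- * @param string|bool $force
- * @return bool True if forced, false if not forced.
+ * @param  bool $force (optional) set the state
+ * @return bool true if forced, fakse if not.
  */
 function force_ssl_admin( $force = null ) {
         static $forced = false;
 
-        if ( !is_null( $force ) ) {
-                $old_forced = $forced;
-                $forced = $force;
-                return $old_forced;
-        }
+        $old = $forced;
 
-        return $forced;
+        if ( ! is_null( $force ) )
+                $forced  = (bool) $force;
+
+        return $old;
 }
 
 /**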
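Review bot: The new docblock on `force_ssl_admin()` does not say that the setter path returns the previous state: `return $old;` hands back the value captured before `$forced  = (bool) $force;` runs, so `force_ssl_admin( true )` can return false on the very call that turns SSL forcing on. I would document that as `@return bool State before this call: true if SSL was forced, false if not.`, which also removes the 'fakse' typo; 'Wether' and 'Statefull' in the summary need the same correction. The `(bool)` cast also narrows the old `string|bool` parameter, so a non-empty string such as 'false' now enables forcing, and the `@param` text should say that only real booleans (or null to read the state) are expected.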
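--- a/wp-login.php
+++ b/wp-login.php
@@ -454,27 +454,37 @@
 
 case 'login' :
 default:
-        $secure_cookie = '';
-        $interim_login = isset($_REQUEST['interim-login']);
+        $interim_login = isset( $_REQUEST['interim-login'] );
 
-        // If the user wants ssl but the session is not ssl, force a secure cookie.
-        if ( !empty($_POST['log']) && !force_ssl_admin() ) {
-                $user_name = sanitize_user($_POST['log']);
-                if ( $user = get_userdatabylogin($user_name) ) {
-                        if ( get_user_option('use_ssl', $user->ID) ) {
-                                $secure_cookie = true;
-                                force_ssl_admin(true);
-                        }
-                }
+        /* set $secure_cookie (SSL) */
+
+        $secure_cookie = false;
+       
+        if ( FORCE_SSL_ADMIN ) {
+                // If configured to ssl, use secure cookie.
+                $secure_cookie = true;
+        } elseif (
+                        ! empty( $_POST['log'] )
+                        && ! force_ssl_admin()
+                        && $user = get_userdatabylogin( sanitize_user($_POST['log']) )
+                        && get_user_option( 'use_ssl', $user->ID )
+        ) {
+                // If the user wants ssl but the session is not ssl, use a secure cookie.
+                $secure_cookie = true;
         }
 
+        if ( $secure_cookie )
+                force_ssl_admin( true );
+
+        /* set $redirect_to */
+               
+        $redirect_to = admin_url(  );
+
         if ( isset( $_REQUEST['redirect_to'] ) ) {
                 $redirect_to = $_REQUEST['redirect_to'];
                 // Redirect to https if user wants ssl
-                if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
-                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
-        } else {
-                $redirect_to = admin_url();
+                if ( $secure_cookie && false !== strpos( $redirect_to, 'wp-admin' ) )
+                        $redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to );
         }
 
         if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )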
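Review bot: The `elseif` condition at new lines 466-471 assigns the wrong value to `$user`: `&&` binds tighter than `=`, so PHP evaluates `$user = ( get_userdatabylogin( ... ) && get_user_option( 'use_ssl', $user->ID ) )`, which reads `$user->ID` before `$user` exists and leaves `$user` holding a boolean. The likely effect is that a user's `use_ssl` preference no longer sets `$secure_cookie`, so the login cookie would be issued without the secure flag for exactly the users who asked for SSL; the nested `if` statements this replaces did not have that problem. Parenthesize the assignment: `&& ( $user = get_userdatabylogin( sanitize_user( $_POST['log'] ) ) )`. Separately, `if ( FORCE_SSL_ADMIN )` assumes the constant is always defined by the time wp-login.php runs; that definition is not visible here, so either confirm it or guard with `defined( 'FORCE_SSL_ADMIN' ) && FORCE_SSL_ADMIN`. The `case` body continues past the end of this hunk.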