WordPress.org

Make WordPress Core

Changeset 12665


Ignore:
Timestamp:
01/08/2010 07:09:37 PM (10 years ago)
Author:
ryan
Message:

Document impenetrable logic in login secure cookie and redirect handler. fixes #11643

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-login.php

    r12398 r12665  
    478478    }
    479479
     480    // If the user was redirect to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
     481    // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
     482    // the admin via http or https.
    480483    if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
    481484        $secure_cookie = false;
Note: See TracChangeset for help on using the changeset viewer.