WordPress.org

Make WordPress Core

Changeset 19925


Ignore:
Timestamp:
02/14/12 18:29:22 (2 years ago)
Author:
ryan
Message:

Set post password cookies via an action in wp-login.php. Retire wp-pass.php (one less root file). Obey login ssl preferences for post password form submission. Props SergeyBiryukov. fixes #19798

Location:
trunk
Files:
1 deleted
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/post-template.php

    r19812 r19925  
    12211221    global $post; 
    12221222    $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID ); 
    1223     $output = '<form action="' . site_url('wp-pass.php') . '" method="post"> 
     1223    $output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post"> 
    12241224    <p>' . __("This post is password protected. To view it please enter your password below:") . '</p> 
    12251225    <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p> 
  • trunk/wp-login.php

    r19783 r19925  
    351351 
    352352// validate action so as to default to the login screen 
    353 if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action) ) 
     353if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) ) 
    354354    $action = 'login'; 
    355355 
     
    378378$http_post = ('POST' == $_SERVER['REQUEST_METHOD']); 
    379379switch ($action) { 
     380 
     381case 'postpass' : 
     382    if ( empty( $wp_hasher ) ) { 
     383        require_once( ABSPATH . 'wp-includes/class-phpass.php' ); 
     384        // By default, use the portable hash from phpass 
     385        $wp_hasher = new PasswordHash(8, true); 
     386    } 
     387 
     388    // 10 days 
     389    setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH ); 
     390 
     391    wp_safe_redirect( wp_get_referer() ); 
     392    exit(); 
     393 
     394break; 
    380395 
    381396case 'logout' : 
Note: See TracChangeset for help on using the changeset viewer.