Changeset 28609
- Timestamp:
- 05/29/2014 03:58:41 AM (10 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/default-constants.php
r28569 r28609 248 248 * @since 2.6.0 249 249 */ 250 if ( !defined('FORCE_SSL_ADMIN') ) 251 define('FORCE_SSL_ADMIN', false); 252 force_ssl_admin(FORCE_SSL_ADMIN); 253 254 /** 255 * @since 2.6.0 256 */ 257 if ( !defined('FORCE_SSL_LOGIN') ) 258 define('FORCE_SSL_LOGIN', false); 259 force_ssl_login(FORCE_SSL_LOGIN); 250 if ( !defined( 'FORCE_SSL_ADMIN' ) ) 251 define( 'FORCE_SSL_ADMIN', false ); 252 force_ssl_admin( FORCE_SSL_ADMIN ); 253 254 /** 255 * @since 2.6.0 256 * @deprecated 4.0.0 257 */ 258 if ( defined( 'FORCE_SSL_LOGIN' ) && FORCE_SSL_LOGIN ) { 259 force_ssl_admin( true ); 260 } 260 261 } 261 262 -
trunk/src/wp-includes/functions.php
r28588 r28609 3388 3388 */ 3389 3389 function force_ssl_login( $force = null ) { 3390 static $forced = false; 3391 3392 if ( !is_null( $force ) ) { 3393 $old_forced = $forced; 3394 $forced = $force; 3395 return $old_forced; 3396 } 3397 3398 return $forced; 3390 return force_ssl_admin( $force ); 3399 3391 } 3400 3392 … … 4306 4298 $same_domain = ( strpos( $login_url, $current_domain ) === 0 ); 4307 4299 4308 if ( $same_domain && force_ssl_login() && ! force_ssl_admin() )4309 $same_domain = false;4310 4311 4300 /** 4312 4301 * Filter whether the authentication check originated at the same domain. -
trunk/src/wp-includes/link-template.php
r28590 r28609 2846 2846 function set_url_scheme( $url, $scheme = null ) { 2847 2847 $orig_scheme = $scheme; 2848 if ( ! in_array( $scheme, array( 'http', 'https', 'relative' ) ) ) { 2849 if ( ( 'login_post' == $scheme || 'rpc' == $scheme ) && ( force_ssl_login() || force_ssl_admin() ) ) 2850 $scheme = 'https'; 2851 elseif ( ( 'login' == $scheme ) && force_ssl_admin() ) 2852 $scheme = 'https'; 2853 elseif ( ( 'admin' == $scheme ) && force_ssl_admin() ) 2854 $scheme = 'https'; 2855 else 2856 $scheme = ( is_ssl() ? 'https' : 'http' ); 2848 2849 if ( ! $scheme ) { 2850 $scheme = is_ssl() ? 'https' : 'http'; 2851 } elseif ( $scheme === 'admin' || $scheme === 'login' || $scheme === 'login_post' || $scheme === 'rpc' ) { 2852 $scheme = is_ssl() || force_ssl_admin() ? 'https' : 'http'; 2853 } elseif ( $scheme !== 'http' && $scheme !== 'https' && $scheme !== 'relative' ) { 2854 $scheme = is_ssl() ? 'https' : 'http'; 2857 2855 } 2858 2856 -
trunk/src/wp-login.php
r28340 r28609 742 742 $reauth = empty($_REQUEST['reauth']) ? false : true; 743 743 744 // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure745 // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting746 // the admin via http or https.747 if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )748 $secure_cookie = false;749 750 744 $user = wp_signon( '', $secure_cookie ); 751 745 -
trunk/tests/phpunit/tests/url.php
r25389 r28609 2 2 3 3 // tests for link-template.php and related URL functions 4 /** 5 * @group url 6 */ 4 7 class Tests_URL extends WP_UnitTestCase { 5 8 var $_old_server; … … 265 268 266 269 force_ssl_login( true ); 267 $this->assertEquals( $http _links[ $i ], set_url_scheme( $link, 'admin' ) );270 $this->assertEquals( $https_links[ $i ], set_url_scheme( $link, 'admin' ) ); 268 271 $this->assertEquals( $https_links[ $i ], set_url_scheme( $link, 'login_post' ) ); 269 $this->assertEquals( $http _links[ $i ], set_url_scheme( $link, 'login' ) );272 $this->assertEquals( $https_links[ $i ], set_url_scheme( $link, 'login' ) ); 270 273 $this->assertEquals( $https_links[ $i ], set_url_scheme( $link, 'rpc' ) ); 271 274
Note: See TracChangeset
for help on using the changeset viewer.