Changeset 28609 for trunk/src/wp-login.php

Timestamp:

05/29/2014 03:58:41 AM (11 years ago)

Author:

nacin

Message:

Forcing SSL logins now forces SSL for the entire admin, with no middle ground.

fixes #10267.

File:

• trunk/src/wp-login.php (modified) (1 diff)

trunk/src/wp-login.php

@@ -742 +742 @@
     $reauth = empty($_REQUEST['reauth']) ? false : true;
 
-    // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
-    // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
-    // the admin via http or https.
-    if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
-        $secure_cookie = false;
-
     $user = wp_signon( '', $secure_cookie );