Make WordPress Core

Changeset 40321


Ignore:
Timestamp:
03/23/2017 07:02:23 PM (8 years ago)
Author:
johnbillion
Message:

Login and Registration: Avoid a potentially incorrect value for the cookie hash on multisite installations that don't have a value in the siteurl network option.

This reverts [38619].

See #34084, #39497

Merges [40320] to the 4.7 branch.

Location:
branches/4.7
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/4.7

  • branches/4.7/src/wp-admin/install.php

    r39323 r40321  
    335335        $scripts_to_print[] = 'user-profile';
    336336
     337        display_header();
    337338        // Fill in the data we gathered
    338339        $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
     
    347348        if ( empty( $user_name ) ) {
    348349            // TODO: poka-yoke
    349             display_header();
    350350            display_setup_form( __( 'Please provide a valid username.' ) );
    351351            $error = true;
    352352        } elseif ( $user_name != sanitize_user( $user_name, true ) ) {
    353             display_header();
    354353            display_setup_form( __( 'The username you provided has invalid characters.' ) );
    355354            $error = true;
    356355        } elseif ( $admin_password != $admin_password_check ) {
    357356            // TODO: poka-yoke
    358             display_header();
    359357            display_setup_form( __( 'Your passwords do not match. Please try again.' ) );
    360358            $error = true;
    361359        } elseif ( empty( $admin_email ) ) {
    362360            // TODO: poka-yoke
    363             display_header();
    364361            display_setup_form( __( 'You must provide an email address.' ) );
    365362            $error = true;
    366363        } elseif ( ! is_email( $admin_email ) ) {
    367364            // TODO: poka-yoke
    368             display_header();
    369365            display_setup_form( __( 'Sorry, that isn&#8217;t a valid email address. Email addresses look like <code>username@example.com</code>.' ) );
    370366            $error = true;
     
    374370            $wpdb->show_errors();
    375371            $result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );
    376 
    377             // Log the user in and send them to wp-admin:
    378             if ( ! headers_sent() ) {
    379                 wp_set_auth_cookie( $result['user_id'], true, is_ssl() );
    380                 wp_redirect( admin_url() );
    381                 exit;
    382             }
    383 
    384             // If headers have already been sent, fall back to a "Success!" message:
    385             display_header();
    386372?>
    387373
  • branches/4.7/src/wp-includes/default-constants.php

    r38839 r40321  
    206206            define( 'COOKIEHASH', md5( $siteurl ) );
    207207        else
    208             define( 'COOKIEHASH', md5( wp_guess_url() ) );
     208            define( 'COOKIEHASH', '' );
    209209    }
    210210
Note: See TracChangeset for help on using the changeset viewer.