WordPress.org

Make WordPress Core

Changeset 7998


Ignore:
Timestamp:
05/27/2008 05:46:01 PM (12 years ago)
Author:
ryan
Message:

First cut and better admin SSL support. see #7001

Location:
trunk
Files:
20 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/admin-header.php

    r7989 r7998  
    8686    <p><?php _e('After installing and enabling it, most of the WordPress images, scripts and CSS files will be stored on this computer. This will speed up page loading.'); ?></p>
    8787    <p><strong><?php _e('Please make sure you are not using a public or shared computer.'); ?></strong></p>
    88     <div class="submit"><button onclick="window.location = 'http://gears.google.com/?action=install&return=<?php echo get_option('siteurl') . '/wp-admin/'; ?>';" class="button"><?php _e('Install Now'); ?></button>
     88    <div class="submit"><button onclick="window.location = 'http://gears.google.com/?action=install&return=<?php echo admin_url() ?>';" class="button"><?php _e('Install Now'); ?></button>
    8989    <button class="button" style="margin-left:10px;" onclick="document.getElementById('gears-info-box').style.display='none';">Cancel</button></div>
    9090    </div>
     
    110110<?php } ?>
    111111
    112 <div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
     112<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
    113113
    114114<?php
  • trunk/wp-admin/admin.php

    r7971 r7998  
    2727wp_reset_vars(array('profile', 'redirect', 'redirect_url', 'a', 'popuptitle', 'popupurl', 'text', 'trackback', 'pingback'));
    2828
    29 wp_admin_css_color('classic', __('Classic'), get_option( 'siteurl' ) . "/wp-admin/css/colors-classic.css", array('#07273E', '#14568A', '#D54E21', '#2683AE'));
    30 wp_admin_css_color('fresh', __('Fresh'), get_option( 'siteurl' ) . "/wp-admin/css/colors-fresh.css", array('#464646', '#CEE1EF', '#D54E21', '#2683AE'));
     29wp_admin_css_color('classic', __('Classic'), admin_url("css/colors-classic.css"), array('#07273E', '#14568A', '#D54E21', '#2683AE'));
     30wp_admin_css_color('fresh', __('Fresh'), admin_url("css/colors-fresh.css"), array('#464646', '#CEE1EF', '#D54E21', '#2683AE'));
    3131
    3232wp_enqueue_script( 'common' );
  • trunk/wp-admin/comment.php

    r7961 r7998  
    7979<table width="100%">
    8080<tr>
    81 <td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo get_option('siteurl'); ?>/wp-admin/edit-comments.php';" /></td>
     81<td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
    8282<td class="textright"><input type='submit' class="button" value='<?php echo $button; ?>' /></td>
    8383</tr>
     
    147147        wp_redirect( wp_get_original_referer() );
    148148    else
    149         wp_redirect( get_option('siteurl') . '/wp-admin/edit-comments.php' );
     149        wp_redirect( admin_url('edit-comments.php') );
    150150
    151151    die;
     
    172172        wp_redirect( wp_get_referer() );
    173173    else
    174         wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments' );
     174        wp_redirect( admin_url('edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments') );
    175175
    176176    exit();
     
    201201        wp_redirect( wp_get_referer() );
    202202    else
    203         wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments' );
     203        wp_redirect( admin_url('edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments') );
    204204
    205205    exit();
  • trunk/wp-admin/custom-header.php

    r7698 r7998  
    190190</div>
    191191<?php if ( !defined( 'NO_HEADER_TEXT' ) ) { ?>
    192 <form method="post" action="<?php echo get_option('siteurl') ?>/wp-admin/themes.php?page=custom-header&amp;updated=true">
     192<form method="post" action="<?php echo admin_url('themes.php?page=custom-header&amp;updated=true') ?>">
    193193<input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
    194194<input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
  • trunk/wp-admin/edit-pages.php

    r7883 r7998  
    2121
    2222    $sendback = wp_get_referer();
    23     if (strpos($sendback, 'page.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/page-new.php';
    24     elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
     23    if (strpos($sendback, 'page.php') !== false) $sendback = admin_url('page-new.php');
     24    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
    2525    $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
    2626
  • trunk/wp-admin/edit.php

    r7883 r7998  
    2121
    2222    $sendback = wp_get_referer();
    23     if (strpos($sendback, 'post.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/post-new.php';
    24     elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
     23    if (strpos($sendback, 'post.php') !== false) $sendback = admin_url('post-new.php');
     24    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
    2525    $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
    2626
  • trunk/wp-admin/includes/dashboard.php

    r7962 r7998  
    226226
    227227    if ( $widget_feed_link )
    228         $links[] = '<img class="rss-icon" src="' . get_option( 'siteurl' ) . '/' . WPINC . '/images/rss.png" alt="' . __( 'rss icon' ) . '" /> <a href="' . clean_url( $widget_feed_link ) . '">' . __( 'RSS' ) . '</a>';
     228        $links[] = '<img class="rss-icon" src="' . includes_url('images/rss.png') . '" alt="' . __( 'rss icon' ) . '" /> <a href="' . clean_url( $widget_feed_link ) . '">' . __( 'RSS' ) . '</a>';
    229229
    230230    $links = apply_filters( "wp_dashboard_widget_links_$widget_id", $links );
  • trunk/wp-admin/includes/media.php

    r7988 r7998  
    754754    global $type, $tab;
    755755
    756     $flash_action_url = get_option('siteurl') . "/wp-admin/async-upload.php";
     756    $flash_action_url = admin_url('async-upload.php');
    757757
    758758    // If Mac and mod_security, no Flash. :(
     
    785785    swfu = new SWFUpload({
    786786            upload_url : "<?php echo attribute_escape( $flash_action_url ); ?>",
    787             flash_url : "<?php echo get_option('siteurl').'/wp-includes/js/swfupload/swfupload_f9.swf'; ?>",
     787            flash_url : "<?php echo includes_url('js/swfupload/swfupload_f9.swf'); ?>",
    788788            file_post_name: "async-upload",
    789789            file_types: "<?php echo apply_filters('upload_file_glob', '*.*'); ?>",
     
    845845    $post_id = intval($_REQUEST['post_id']);
    846846
    847     $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type=$type&tab=type&post_id=$post_id";
     847    $form_action_url = admin_url("media-upload.php?type=$type&tab=type&post_id=$post_id");
    848848    $form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type);
    849849
     
    896896    $post_id = intval($_REQUEST['post_id']);
    897897
    898     $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type={$GLOBALS['type']}&tab=gallery&post_id=$post_id";
     898    $form_action_url = admin_url("media-upload.php?type={$GLOBALS['type']}&tab=gallery&post_id=$post_id");
    899899
    900900?>
     
    935935    $post_id = intval($_REQUEST['post_id']);
    936936
    937     $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type={$GLOBALS['type']}&tab=library&post_id=$post_id";
     937    $form_action_url = admin_url("media-upload.php?type={$GLOBALS['type']}&tab=library&post_id=$post_id");
    938938
    939939    $_GET['paged'] = intval($_GET['paged']);
  • trunk/wp-admin/page.php

    r7961 r7998  
    149149
    150150    $sendback = wp_get_referer();
    151     if (strpos($sendback, 'page.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/page.php';
    152     elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
     151    if (strpos($sendback, 'page.php') !== false) $sendback = admin_url('page.php');
     152    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
    153153    $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
    154154    wp_redirect($sendback);
  • trunk/wp-admin/post.php

    r7961 r7998  
    160160
    161161    $sendback = wp_get_referer();
    162     if (strpos($sendback, 'post.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/post-new.php';
    163     elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
     162    if (strpos($sendback, 'post.php') !== false) $sendback = admin_url('post-new.php');
     163    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
    164164    $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
    165165    wp_redirect($sendback);
  • trunk/wp-admin/themes.php

    r7972 r7998  
    5858<div id="current-theme">
    5959<?php if ( $ct->screenshot ) : ?>
    60 <img src="<?php echo get_option('siteurl') . '/' . $ct->stylesheet_dir . '/' . $ct->screenshot; ?>" alt="<?php _e('Current theme preview'); ?>" />
     60<img src="<?php echo site_url($ct->stylesheet_dir . '/' . $ct->screenshot); ?>" alt="<?php _e('Current theme preview'); ?>" />
    6161<?php endif; ?>
    6262<h3><?php printf(_c('%1$s %2$s by %3$s|1: theme title, 2: theme version, 3: theme author'), $ct->title, $ct->version, $ct->author) ; ?></h3>
     
    127127        <a href="<?php echo $activate_link; ?>" class="<?php echo $thickbox_class; ?> screenshot">
    128128<?php if ( $screenshot ) : ?>
    129             <img src="<?php echo ( $tpage == 'stage' ) ? $screenshot : get_option('siteurl') . '/' . $stylesheet_dir . '/' . $screenshot; ?>" alt="" />
     129            <img src="<?php echo ( $tpage == 'stage' ) ? $screenshot : site_url($stylesheet_dir . '/' . $screenshot); ?>" alt="" />
    130130<?php endif; ?>
    131131        </a>
  • trunk/wp-admin/users.php

    r7888 r7998  
    397397<?php
    398398    if ( get_option('users_can_register') )
    399         echo '<p>' . sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_option('siteurl').'/wp-register.php') . '</p>';
     399        echo '<p>' . sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), site_url('wp-register.php')) . '</p>';
    400400    else
    401             echo '<p>' . sprintf(__('Users cannot currently <a href="%1$s">register themselves</a>, but you can manually create users here.'), get_option('siteurl').'/wp-admin/options-general.php#users_can_register') . '</p>';
     401        echo '<p>' . sprintf(__('Users cannot currently <a href="%1$s">register themselves</a>, but you can manually create users here.'), admin_url('options-general.php#users_can_register')) . '</p>';
    402402?>
    403403<form action="#add-new-user" method="post" name="adduser" id="adduser" class="add:users: validate">
  • trunk/wp-includes/functions.php

    r7921 r7998  
    17661766}
    17671767
     1768function is_ssl() {
     1769    return ( 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false;
     1770}
    17681771?>
  • trunk/wp-includes/general-template.php

    r7994 r7998  
    11401140        $_file = "./$file.css";
    11411141    } else {
    1142         $_file = get_option( 'siteurl' ) . "/wp-admin/$file.css";
     1142        $_file = admin_url("$file.css");
    11431143    }
    11441144    $_file = add_query_arg( 'version', get_bloginfo( 'version' ),  $_file );
  • trunk/wp-includes/link-template.php

    r7955 r7998  
    775775    return apply_filters('shortcut_link', $link);
    776776}
     777
     778// return the site_url option, using https if is_ssl() is true
     779// if $scheme is 'http' or 'https' it will override is_ssl()
     780function site_url($path = '', $scheme = null) {
     781    // should the list of allowed schemes be maintained elsewhere?
     782    if ( !in_array($scheme, array('http', 'https')) )
     783        $scheme = ( is_ssl() ? 'https' : 'http' );
     784
     785    $url = str_replace( 'http://', "{$scheme}://", get_option('siteurl') );
     786
     787    if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
     788        $url .= '/' . ltrim($path, '/');
     789
     790    return $url;
     791}
     792
     793function admin_url($path = '') {
     794    global $_wp_admin_url;
     795
     796    $url = site_url() . '/wp-admin/';
     797
     798    if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
     799        $url .= ltrim($path, '/');
     800
     801    return $url;
     802}
     803
     804function includes_url($path = '') {
     805    global $_wp_includes_url;
     806
     807    $url = site_url() . '/' . WPINC . '/';
     808
     809    if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
     810        $url .= ltrim($path, '/');
     811
     812    return $url;
     813}
     814
    777815?>
  • trunk/wp-includes/media.php

    r7892 r7998  
    307307
    308308    if ( $icon && $src = wp_mime_type_icon($attachment_id) ) {
    309         $icon_dir = apply_filters( 'icon_dir', ABSPATH . WPINC . '/images/crystal' );
     309        $icon_dir = apply_filters( 'icon_dir', includes_url('images/crystal') );
    310310        $src_file = $icon_dir . '/' . basename($src);
    311311        @list($width, $height) = getimagesize($src_file);
  • trunk/wp-includes/pluggable.php

    r7996 r7998  
    470470function wp_validate_auth_cookie($cookie = '') {
    471471    if ( empty($cookie) ) {
    472         if ( empty($_COOKIE[AUTH_COOKIE]) )
     472        if ( is_ssl() )
     473            $cookie_name = SECURE_AUTH_COOKIE;
     474        else
     475            $cookie_name = AUTH_COOKIE;
     476
     477        if ( empty($_COOKIE[$cookie_name]) )
    473478            return false;
    474         $cookie = $_COOKIE[AUTH_COOKIE];
     479        $cookie = $_COOKIE[$cookie_name];
    475480    }
    476481
     
    515520 * @param int $user_id User ID
    516521 * @param int $expiration Cookie expiration in seconds
     522 * @param bool $secure Whether the cookie is for https delivery only or not.  Not used by default.  For plugin use.
    517523 * @return string Authentication cookie contents
    518524 */
    519 function wp_generate_auth_cookie($user_id, $expiration) {
     525function wp_generate_auth_cookie($user_id, $expiration, $secure = false) {
    520526    $user = get_userdata($user_id);
    521527
     
    525531    $cookie = $user->user_login . '|' . $expiration . '|' . $hash;
    526532
    527     return apply_filters('auth_cookie', $cookie, $user_id, $expiration);
     533    return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $secure);
    528534}
    529535endif;
     
    551557    }
    552558
    553     $cookie = wp_generate_auth_cookie($user_id, $expiration);
    554 
    555     do_action('set_auth_cookie', $cookie, $expire);
    556 
    557     setcookie(AUTH_COOKIE, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
     559    if ( is_ssl() ) {
     560        $secure = true;
     561        $cookie_name = SECURE_AUTH_COOKIE;
     562    } else {
     563        $secure = false;
     564        $cookie_name = AUTH_COOKIE;
     565    }
     566
     567    $cookie = wp_generate_auth_cookie($user_id, $expiration, $secure);
     568
     569    do_action('set_auth_cookie', $cookie, $expire, $secure);
     570
     571    setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
    558572    if ( COOKIEPATH != SITECOOKIEPATH )
    559         setcookie(AUTH_COOKIE, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
     573        setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
    560574}
    561575endif;
     
    570584    setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
    571585    setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
     586    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
     587    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
    572588
    573589    // Old cookies
     
    605621function auth_redirect() {
    606622    // Checks if a user is logged in, if not redirects them to the login page
    607     if ( (!empty($_COOKIE[AUTH_COOKIE]) &&
    608                 !wp_validate_auth_cookie($_COOKIE[AUTH_COOKIE])) ||
    609             (empty($_COOKIE[AUTH_COOKIE])) ) {
    610         nocache_headers();
    611 
    612         wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
    613         exit();
    614     }
     623
     624    if ( is_ssl() || (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )
     625        $secure = true;
     626    else
     627        $secure = false;
     628
     629    // If https is required and request is http, redirect
     630    if ( $secure && !is_ssl() ) {
     631        if ( false !== strpos($_SERVER['REQUEST_URI'], 'http') ) {
     632            wp_redirect(str_replace('http://', 'https://', $_SERVER['REQUEST_URI']));
     633            exit();
     634        } else {
     635            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
     636            exit();         
     637        }
     638    }
     639
     640    if ( wp_validate_auth_cookie() )
     641        return;  // The cookie is good so we're done
     642
     643    // The cookie is no good so force login
     644    nocache_headers();
     645
     646    $login_url = get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
     647
     648    //  Redirect to https if connection is secure
     649    if ( $secure )
     650        $login_url = str_replace('http://', 'https://', $login_url);
     651    wp_redirect($login_url);
     652    exit();
    615653}
    616654endif;
  • trunk/wp-includes/script-loader.php

    r7989 r7998  
    88
    99function wp_default_scripts( &$scripts ) {
    10     $scripts->base_url = get_option( 'siteurl' );
     10    $scripts->base_url = site_url();
    1111    $scripts->default_version = get_bloginfo( 'version' );
    1212
     
    5151    $scripts->add( 'wp-lists', '/wp-includes/js/wp-lists.js', array('wp-ajax-response'), '20080411' );
    5252    $scripts->localize( 'wp-lists', 'wpListL10n', array(
    53         'url' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php'
     53        'url' => admin_url('admin-ajax.php')
    5454    ) );
    5555
     
    130130        $scripts->add( 'postbox', '/wp-admin/js/postbox.js', array('jquery'), '20080128' );
    131131        $scripts->localize( 'postbox', 'postboxL10n', array(
    132             'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
     132            'requestFile' => admin_url('admin-ajax.php'),
    133133        ) );
    134134        $scripts->add( 'slug', '/wp-admin/js/slug.js', array('jquery'), '20080208' );
    135135        $scripts->localize( 'slug', 'slugL10n', array(
    136             'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
     136            'requestFile' => admin_url('admin-ajax.php'),
    137137            'save' => __('Save'),
    138138            'cancel' => __('Cancel'),
     
    205205
    206206function wp_default_styles( &$styles ) {
    207     $styles->base_url = get_option( 'siteurl' );
     207    $styles->base_url = site_url();
    208208    $styles->default_version = get_bloginfo( 'version' );
    209209    $styles->text_direction = 'rtl' == get_bloginfo( 'text_direction' ) ? 'rtl' : 'ltr';
     
    259259        'previewPageText' => __('Preview this Page'),
    260260        'previewPostText' => __('Preview this Post'),
    261         'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
     261        'requestFile' => admin_url('admin-ajax.php'),
    262262        'savingText' => __('Saving Draft&#8230;')
    263263    ) );
  • trunk/wp-login.php

    r7992 r7998  
    138138    $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
    139139    $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
    140     $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n";
     140    $message .= site_url("wp-login.php?action=rp&key=$key") . "\r\n";
    141141
    142142    if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) )
     
    175175    $message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
    176176    $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
    177     $message .= get_option('siteurl') . "/wp-login.php\r\n";
     177    $message .= site_url('wp-login.php') . "\r\n";
    178178
    179179    if (  !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) )
     
    406406        // If the user can't edit posts, send them to their profile.
    407407        if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
    408             $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
     408            $redirect_to = admin_url('profile.php');
    409409        wp_safe_redirect($redirect_to);
    410410        exit();
  • trunk/wp-settings.php

    r7986 r7998  
    312312/**
    313313 * It is possible to define this in wp-config.php
     314 * @since 2.6
     315 */
     316if ( !defined('SECURE_AUTH_COOKIE') )
     317    define('SECURE_AUTH_COOKIE', 'wordpress_sec_' . COOKIEHASH);
     318
     319/**
     320 * It is possible to define this in wp-config.php
    314321 * @since 2.3.0
    315322 */
Note: See TracChangeset for help on using the changeset viewer.