Changeset 7998

Timestamp:

05/27/2008 05:46:01 PM (17 years ago)

Author:

ryan

Message:

First cut and better admin SSL support. see #7001

Location:

trunk

Files:

• wp-admin/admin-header.php (modified) (2 diffs)
• wp-admin/admin.php (modified) (1 diff)
• wp-admin/comment.php (modified) (4 diffs)
• wp-admin/custom-header.php (modified) (1 diff)
• wp-admin/edit-pages.php (modified) (1 diff)
• wp-admin/edit.php (modified) (1 diff)
• wp-admin/includes/dashboard.php (modified) (1 diff)
• wp-admin/includes/media.php (modified) (5 diffs)
• wp-admin/page.php (modified) (1 diff)
• wp-admin/post.php (modified) (1 diff)
• wp-admin/themes.php (modified) (2 diffs)
• wp-admin/users.php (modified) (1 diff)
• wp-includes/functions.php (modified) (1 diff)
• wp-includes/general-template.php (modified) (1 diff)
• wp-includes/link-template.php (modified) (1 diff)
• wp-includes/media.php (modified) (1 diff)
• wp-includes/pluggable.php (modified) (6 diffs)
• wp-includes/script-loader.php (modified) (5 diffs)
• wp-login.php (modified) (3 diffs)
• wp-settings.php (modified) (1 diff)

trunk/wp-admin/admin-header.php

@@ -86 +86 @@
     <p><?php _e('After installing and enabling it, most of the WordPress images, scripts and CSS files will be stored on this computer. This will speed up page loading.'); ?></p>
     <p><strong><?php _e('Please make sure you are not using a public or shared computer.'); ?></strong></p>
-    <div class="submit"><button onclick="window.location = 'http://gears.google.com/?action=install&return=<?php echo get_option('siteurl') . '/wp-admin/'; ?>';" class="button"><?php _e('Install Now'); ?></button>
+    <div class="submit"><button onclick="window.location = 'http://gears.google.com/?action=install&return=<?php echo admin_url() ?>';" class="button"><?php _e('Install Now'); ?></button>
     <button class="button" style="margin-left:10px;" onclick="document.getElementById('gears-info-box').style.display='none';">Cancel</button></div>
     </div>
@@ -110 +110 @@
 <?php } ?>
 
-<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
+<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
 
 <?php

trunk/wp-admin/admin.php

@@ -27 +27 @@
 wp_reset_vars(array('profile', 'redirect', 'redirect_url', 'a', 'popuptitle', 'popupurl', 'text', 'trackback', 'pingback'));
 
-wp_admin_css_color('classic', __('Classic'), get_option( 'siteurl' ) . "/wp-admin/css/colors-classic.css", array('#07273E', '#14568A', '#D54E21', '#2683AE'));
-wp_admin_css_color('fresh', __('Fresh'), get_option( 'siteurl' ) . "/wp-admin/css/colors-fresh.css", array('#464646', '#CEE1EF', '#D54E21', '#2683AE'));
+wp_admin_css_color('classic', __('Classic'), admin_url("css/colors-classic.css"), array('#07273E', '#14568A', '#D54E21', '#2683AE'));
+wp_admin_css_color('fresh', __('Fresh'), admin_url("css/colors-fresh.css"), array('#464646', '#CEE1EF', '#D54E21', '#2683AE'));
 
 wp_enqueue_script( 'common' );

trunk/wp-admin/comment.php

@@ -79 +79 @@
 <table width="100%">
 <tr>
-<td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo get_option('siteurl'); ?>/wp-admin/edit-comments.php';" /></td>
+<td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
 <td class="textright"><input type='submit' class="button" value='<?php echo $button; ?>' /></td>
 </tr>
@@ -147 +147 @@
         wp_redirect( wp_get_original_referer() );
     else
-        wp_redirect( get_option('siteurl') . '/wp-admin/edit-comments.php' );
+        wp_redirect( admin_url('edit-comments.php') );
 
     die;
@@ -172 +172 @@
         wp_redirect( wp_get_referer() );
     else
-        wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments' );
+        wp_redirect( admin_url('edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments') );
 
     exit();
@@ -201 +201 @@
         wp_redirect( wp_get_referer() );
     else
-        wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments' );
+        wp_redirect( admin_url('edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments') );
 
     exit();

trunk/wp-admin/custom-header.php

@@ -190 +190 @@
 </div>
 <?php if ( !defined( 'NO_HEADER_TEXT' ) ) { ?>
-<form method="post" action="<?php echo get_option('siteurl') ?>/wp-admin/themes.php?page=custom-header&amp;updated=true">
+<form method="post" action="<?php echo admin_url('themes.php?page=custom-header&amp;updated=true') ?>">
 <input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
 <input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />

trunk/wp-admin/edit-pages.php

@@ -21 +21 @@
 
     $sendback = wp_get_referer();
-    if (strpos($sendback, 'page.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/page-new.php';
-    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+    if (strpos($sendback, 'page.php') !== false) $sendback = admin_url('page-new.php');
+    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
     $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
 

trunk/wp-admin/edit.php

@@ -21 +21 @@
 
     $sendback = wp_get_referer();
-    if (strpos($sendback, 'post.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/post-new.php';
-    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+    if (strpos($sendback, 'post.php') !== false) $sendback = admin_url('post-new.php');
+    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
     $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
 

trunk/wp-admin/includes/dashboard.php

@@ -226 +226 @@
 
     if ( $widget_feed_link )
-        $links[] = '<img class="rss-icon" src="' . get_option( 'siteurl' ) . '/' . WPINC . '/images/rss.png" alt="' . __( 'rss icon' ) . '" /> <a href="' . clean_url( $widget_feed_link ) . '">' . __( 'RSS' ) . '</a>';
+        $links[] = '<img class="rss-icon" src="' . includes_url('images/rss.png') . '" alt="' . __( 'rss icon' ) . '" /> <a href="' . clean_url( $widget_feed_link ) . '">' . __( 'RSS' ) . '</a>';
 
     $links = apply_filters( "wp_dashboard_widget_links_$widget_id", $links );

trunk/wp-admin/includes/media.php

@@ -754 +754 @@
     global $type, $tab;
 
-    $flash_action_url = get_option('siteurl') . "/wp-admin/async-upload.php";
+    $flash_action_url = admin_url('async-upload.php');
 
     // If Mac and mod_security, no Flash. :(
@@ -785 +785 @@
     swfu = new SWFUpload({
             upload_url : "<?php echo attribute_escape( $flash_action_url ); ?>",
-            flash_url : "<?php echo get_option('siteurl').'/wp-includes/js/swfupload/swfupload_f9.swf'; ?>",
+            flash_url : "<?php echo includes_url('js/swfupload/swfupload_f9.swf'); ?>",
             file_post_name: "async-upload",
             file_types: "<?php echo apply_filters('upload_file_glob', '*.*'); ?>",
@@ -845 +845 @@
     $post_id = intval($_REQUEST['post_id']);
 
-    $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type=$type&tab=type&post_id=$post_id";
+    $form_action_url = admin_url("media-upload.php?type=$type&tab=type&post_id=$post_id");
     $form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type);
 
@@ -896 +896 @@
     $post_id = intval($_REQUEST['post_id']);
 
-    $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type={$GLOBALS['type']}&tab=gallery&post_id=$post_id";
+    $form_action_url = admin_url("media-upload.php?type={$GLOBALS['type']}&tab=gallery&post_id=$post_id");
 
 ?>
@@ -935 +935 @@
     $post_id = intval($_REQUEST['post_id']);
 
-    $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type={$GLOBALS['type']}&tab=library&post_id=$post_id";
+    $form_action_url = admin_url("media-upload.php?type={$GLOBALS['type']}&tab=library&post_id=$post_id");
 
     $_GET['paged'] = intval($_GET['paged']);

trunk/wp-admin/page.php

@@ -149 +149 @@
 
     $sendback = wp_get_referer();
-    if (strpos($sendback, 'page.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/page.php';
-    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+    if (strpos($sendback, 'page.php') !== false) $sendback = admin_url('page.php');
+    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
     $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
     wp_redirect($sendback);

trunk/wp-admin/post.php

@@ -160 +160 @@
 
     $sendback = wp_get_referer();
-    if (strpos($sendback, 'post.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/post-new.php';
-    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+    if (strpos($sendback, 'post.php') !== false) $sendback = admin_url('post-new.php');
+    elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
     $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
     wp_redirect($sendback);

trunk/wp-admin/themes.php

@@ -58 +58 @@
 <div id="current-theme">
 <?php if ( $ct->screenshot ) : ?>
-<img src="<?php echo get_option('siteurl') . '/' . $ct->stylesheet_dir . '/' . $ct->screenshot; ?>" alt="<?php _e('Current theme preview'); ?>" />
+<img src="<?php echo site_url($ct->stylesheet_dir . '/' . $ct->screenshot); ?>" alt="<?php _e('Current theme preview'); ?>" />
 <?php endif; ?>
 <h3><?php printf(_c('%1$s %2$s by %3$s|1: theme title, 2: theme version, 3: theme author'), $ct->title, $ct->version, $ct->author) ; ?></h3>
@@ -127 +127 @@
         <a href="<?php echo $activate_link; ?>" class="<?php echo $thickbox_class; ?> screenshot">
 <?php if ( $screenshot ) : ?>
-            <img src="<?php echo ( $tpage == 'stage' ) ? $screenshot : get_option('siteurl') . '/' . $stylesheet_dir . '/' . $screenshot; ?>" alt="" />
+            <img src="<?php echo ( $tpage == 'stage' ) ? $screenshot : site_url($stylesheet_dir . '/' . $screenshot); ?>" alt="" />
 <?php endif; ?>
         </a>

trunk/wp-admin/users.php

@@ -397 +397 @@
 <?php
     if ( get_option('users_can_register') )
-        echo '<p>' . sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_option('siteurl').'/wp-register.php') . '</p>';
+        echo '<p>' . sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), site_url('wp-register.php')) . '</p>';
     else
-            echo '<p>' . sprintf(__('Users cannot currently <a href="%1$s">register themselves</a>, but you can manually create users here.'), get_option('siteurl').'/wp-admin/options-general.php#users_can_register') . '</p>';
+        echo '<p>' . sprintf(__('Users cannot currently <a href="%1$s">register themselves</a>, but you can manually create users here.'), admin_url('options-general.php#users_can_register')) . '</p>';
 ?>
 <form action="#add-new-user" method="post" name="adduser" id="adduser" class="add:users: validate">

trunk/wp-includes/functions.php

@@ -1766 +1766 @@
 }
 
+function is_ssl() {
+    return ( 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false; 
+}
 ?>

trunk/wp-includes/general-template.php

@@ -1140 +1140 @@
         $_file = "./$file.css";
     } else {
-        $_file = get_option( 'siteurl' ) . "/wp-admin/$file.css";
+        $_file = admin_url("$file.css");
     }
     $_file = add_query_arg( 'version', get_bloginfo( 'version' ),  $_file );

trunk/wp-includes/link-template.php

@@ -775 +775 @@
     return apply_filters('shortcut_link', $link);
 }
+
+// return the site_url option, using https if is_ssl() is true
+// if $scheme is 'http' or 'https' it will override is_ssl()
+function site_url($path = '', $scheme = null) {
+    // should the list of allowed schemes be maintained elsewhere?
+    if ( !in_array($scheme, array('http', 'https')) )
+        $scheme = ( is_ssl() ? 'https' : 'http' );
+
+    $url = str_replace( 'http://', "{$scheme}://", get_option('siteurl') );
+
+    if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
+        $url .= '/' . ltrim($path, '/');
+
+    return $url;
+}
+
+function admin_url($path = '') {
+    global $_wp_admin_url;
+
+    $url = site_url() . '/wp-admin/';
+
+    if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
+        $url .= ltrim($path, '/');
+
+    return $url;
+}
+
+function includes_url($path = '') {
+    global $_wp_includes_url;
+
+    $url = site_url() . '/' . WPINC . '/';
+
+    if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
+        $url .= ltrim($path, '/');
+
+    return $url;
+}
+
 ?>

trunk/wp-includes/media.php

@@ -307 +307 @@
 
     if ( $icon && $src = wp_mime_type_icon($attachment_id) ) {
-        $icon_dir = apply_filters( 'icon_dir', ABSPATH . WPINC . '/images/crystal' );
+        $icon_dir = apply_filters( 'icon_dir', includes_url('images/crystal') );
         $src_file = $icon_dir . '/' . basename($src);
         @list($width, $height) = getimagesize($src_file);

trunk/wp-includes/pluggable.php

@@ -470 +470 @@
 function wp_validate_auth_cookie($cookie = '') {
     if ( empty($cookie) ) {
-        if ( empty($_COOKIE[AUTH_COOKIE]) )
+        if ( is_ssl() )
+            $cookie_name = SECURE_AUTH_COOKIE;
+        else
+            $cookie_name = AUTH_COOKIE;
+
+        if ( empty($_COOKIE[$cookie_name]) )
             return false;
-        $cookie = $_COOKIE[AUTH_COOKIE];
+        $cookie = $_COOKIE[$cookie_name];
     }
 
@@ -515 +520 @@
  * @param int $user_id User ID
  * @param int $expiration Cookie expiration in seconds
+ * @param bool $secure Whether the cookie is for https delivery only or not.  Not used by default.  For plugin use.
  * @return string Authentication cookie contents
  */
-function wp_generate_auth_cookie($user_id, $expiration) {
+function wp_generate_auth_cookie($user_id, $expiration, $secure = false) {
     $user = get_userdata($user_id);
 
@@ -525 +531 @@
     $cookie = $user->user_login . '|' . $expiration . '|' . $hash;
 
-    return apply_filters('auth_cookie', $cookie, $user_id, $expiration);
+    return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $secure);
 }
 endif;
@@ -551 +557 @@
     }
 
-    $cookie = wp_generate_auth_cookie($user_id, $expiration);
-
-    do_action('set_auth_cookie', $cookie, $expire);
-
-    setcookie(AUTH_COOKIE, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
+    if ( is_ssl() ) {
+        $secure = true;
+        $cookie_name = SECURE_AUTH_COOKIE;
+    } else {
+        $secure = false;
+        $cookie_name = AUTH_COOKIE;
+    }
+
+    $cookie = wp_generate_auth_cookie($user_id, $expiration, $secure);
+
+    do_action('set_auth_cookie', $cookie, $expire, $secure);
+
+    setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
     if ( COOKIEPATH != SITECOOKIEPATH )
-        setcookie(AUTH_COOKIE, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
+        setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
 }
 endif;
@@ -570 +584 @@
     setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
     setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
+    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
 
     // Old cookies
@@ -605 +621 @@
 function auth_redirect() {
     // Checks if a user is logged in, if not redirects them to the login page
-    if ( (!empty($_COOKIE[AUTH_COOKIE]) &&
-                !wp_validate_auth_cookie($_COOKIE[AUTH_COOKIE])) ||
-            (empty($_COOKIE[AUTH_COOKIE])) ) {
-        nocache_headers();
-
-        wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
-        exit();
-    }
+
+    if ( is_ssl() || (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )
+        $secure = true;
+    else
+        $secure = false;
+
+    // If https is required and request is http, redirect
+    if ( $secure && !is_ssl() ) {
+        if ( false !== strpos($_SERVER['REQUEST_URI'], 'http') ) {
+            wp_redirect(str_replace('http://', 'https://', $_SERVER['REQUEST_URI']));
+            exit();
+        } else {
+            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+            exit();         
+        }
+    }
+
+    if ( wp_validate_auth_cookie() )
+        return;  // The cookie is good so we're done
+
+    // The cookie is no good so force login
+    nocache_headers();
+
+    $login_url = get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
+
+    //  Redirect to https if connection is secure
+    if ( $secure )
+        $login_url = str_replace('http://', 'https://', $login_url);
+    wp_redirect($login_url);
+    exit();
 }
 endif;

trunk/wp-includes/script-loader.php

@@ -8 +8 @@
 
 function wp_default_scripts( &$scripts ) {
-    $scripts->base_url = get_option( 'siteurl' );
+    $scripts->base_url = site_url();
     $scripts->default_version = get_bloginfo( 'version' );
 
@@ -51 +51 @@
     $scripts->add( 'wp-lists', '/wp-includes/js/wp-lists.js', array('wp-ajax-response'), '20080411' );
     $scripts->localize( 'wp-lists', 'wpListL10n', array(
-        'url' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php'
+        'url' => admin_url('admin-ajax.php')
     ) );
 
@@ -130 +130 @@
         $scripts->add( 'postbox', '/wp-admin/js/postbox.js', array('jquery'), '20080128' );
         $scripts->localize( 'postbox', 'postboxL10n', array(
-            'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
+            'requestFile' => admin_url('admin-ajax.php'),
         ) );
         $scripts->add( 'slug', '/wp-admin/js/slug.js', array('jquery'), '20080208' );
         $scripts->localize( 'slug', 'slugL10n', array(
-            'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
+            'requestFile' => admin_url('admin-ajax.php'),
             'save' => __('Save'),
             'cancel' => __('Cancel'),
@@ -205 +205 @@
 
 function wp_default_styles( &$styles ) {
-    $styles->base_url = get_option( 'siteurl' );
+    $styles->base_url = site_url();
     $styles->default_version = get_bloginfo( 'version' );
     $styles->text_direction = 'rtl' == get_bloginfo( 'text_direction' ) ? 'rtl' : 'ltr';
@@ -259 +259 @@
         'previewPageText' => __('Preview this Page'),
         'previewPostText' => __('Preview this Post'),
-        'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
+        'requestFile' => admin_url('admin-ajax.php'),
         'savingText' => __('Saving Draft…')
     ) );

trunk/wp-login.php

@@ -138 +138 @@
     $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
     $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
-    $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n";
+    $message .= site_url("wp-login.php?action=rp&key=$key") . "\r\n";
 
     if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) )
@@ -175 +175 @@
     $message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
     $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
-    $message .= get_option('siteurl') . "/wp-login.php\r\n";
+    $message .= site_url('wp-login.php') . "\r\n";
 
     if (  !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) )
@@ -406 +406 @@
         // If the user can't edit posts, send them to their profile.
         if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
-            $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
+            $redirect_to = admin_url('profile.php');
         wp_safe_redirect($redirect_to);
         exit();

trunk/wp-settings.php

@@ -312 +312 @@
 /**
  * It is possible to define this in wp-config.php
+ * @since 2.6
+ */
+if ( !defined('SECURE_AUTH_COOKIE') )
+    define('SECURE_AUTH_COOKIE', 'wordpress_sec_' . COOKIEHASH);
+
+/**
+ * It is possible to define this in wp-config.php
  * @since 2.3.0
  */