Changeset 8197


Timestamp:
06/26/2008 04:40:04 PM (12 years ago)
Author:
ryan
Message:

Only use SSL for login POST links if SSL logins are forced. Clear old cookies. see #7001

Location:
trunk
Files:
3 edited

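--- a/trunk/wp-includes/link-template.php
+++ b/trunk/wp-includes/link-template.php
@@ -782,5 +782,7 @@
     // should the list of allowed schemes be maintained elsewhere?
     if ( !in_array($scheme, array('http', 'https')) ) {
-        if ( ('login' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
+        if ( ('login_post' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
+            $scheme = 'https';
+        elseif ( ('login' == $scheme) && ( force_ssl_admin() ) )
             $scheme = 'https';
         elseif ( ('admin' == $scheme) && force_ssl_admin() )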
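Review bot: After this change the `'login'` scheme only yields https when `force_ssl_admin()` is on, so any caller that still builds a credential-receiving form action with `'login'` instead of `'login_post'` will post over plain http on a site that sets only `force_ssl_login()`. The three forms in wp-login.php are switched in this changeset, but other callers are not visible here and should be checked. The scheme names are also undocumented at this point; I would add above the chain `// 'login_post': URL that receives credentials (https if SSL login or admin is forced); 'login': the login page itself (https only if SSL admin is forced)`. The enclosing function starts and ends outside the hunk.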
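--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -611,4 +611,8 @@
     setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
     setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
+    setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
+    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
     setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
     setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);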
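Review bot: The four added `setcookie()` calls carry no comment saying why the auth cookies are also expired on `COOKIEPATH` and `SITECOOKIEPATH`, and next to the `wp-admin` variants above them they read like duplicates that a later cleanup might remove. Judging from the commit message they target cookies that earlier code set on the root path; if they were dropped, a stale root-path auth cookie would stay in the browser after logout. I would add `// Old cookies: auth cookies were previously set on the site root path, expire those as well` above new line 613. Whether the server would still accept such a cookie is not visible here, and the function's start and end lie outside the hunk.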
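--- a/trunk/wp-login.php
+++ b/trunk/wp-login.php
@@ -13,5 +13,5 @@
 
 // Redirect to https login if forced to use SSL
-if ( (force_ssl_admin() || force_ssl_login()) && !is_ssl() ) {
+if ( force_ssl_admin() && !is_ssl() ) {
     if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
         wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
@@ -313,5 +313,5 @@
 ?>
 
-<form name="lostpasswordform" id="lostpasswordform" action="wp-login.php?action=lostpassword" method="post">
+<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
     <p>
         <label><?php _e('Username or E-mail:') ?><br />
@@ -377,5 +377,5 @@
 ?>
 
-<form name="registerform" id="registerform" action="wp-login.php?action=register" method="post">
+<form name="registerform" id="registerform" action="<?php echo siteu_url('wp-login.php?action=register', 'login_post') ?>" method="post">
     <p>
         <label><?php _e('Username') ?><br />
@@ -410,5 +410,5 @@
         $redirect_to = $_REQUEST['redirect_to'];
     else
-        $redirect_to = 'wp-admin/';
+        $redirect_to = admin_url();
 
     if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
@@ -446,5 +446,5 @@
 ?>
 
-<form name="loginform" id="loginform" action="wp-login.php" method="post">
+<form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post">
 <?php if ( !isset($_GET['checkemail']) || !in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
     <p>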
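Review bot: New line 379 calls `siteu_url(...)`, which is not the `site_url()` used for the other two forms; unless a function of that name is defined elsewhere, rendering the registration form will stop with an undefined-function fatal error. It should read `action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>"`. Separately, with the redirect at line 15 now limited to `force_ssl_admin()`, a site that sets only `force_ssl_login()` serves the login page itself over http and relies on the form action for https, so the POST target is only as trustworthy as that unencrypted page; that trade-off deserves a comment next to the condition. The redirect block continues past the end of its hunk.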