WordPress.org
Get WordPress

Make WordPress Core

Changeset 8197 for trunk/wp-login.php


Ignore:
Timestamp:
06/26/2008 04:40:04 PM (18 years ago)
Author:
ryan
Message:

Only use SSL for login POST links if SSL logins are forced. Clear old cookies. see #7001

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/wp-login.php

    r8190 r8197  
    1313
    1414// Redirect to https login if forced to use SSL
    15 if ( (force_ssl_admin() || force_ssl_login()) && !is_ssl() ) {
     15if ( force_ssl_admin() && !is_ssl() ) {
    1616    if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
    1717        wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
     
    313313?>
    314314
    315 <form name="lostpasswordform" id="lostpasswordform" action="wp-login.php?action=lostpassword" method="post">
     315<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
    316316    <p>
    317317        <label><?php _e('Username or E-mail:') ?><br />
     
    377377?>
    378378
    379 <form name="registerform" id="registerform" action="wp-login.php?action=register" method="post">
     379<form name="registerform" id="registerform" action="<?php echo siteu_url('wp-login.php?action=register', 'login_post') ?>" method="post">
    380380    <p>
    381381        <label><?php _e('Username') ?><br />
     
    410410        $redirect_to = $_REQUEST['redirect_to'];
    411411    else
    412         $redirect_to = 'wp-admin/';
     412        $redirect_to = admin_url();
    413413
    414414    if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
     
    446446?>
    447447
    448 <form name="loginform" id="loginform" action="wp-login.php" method="post">
     448<form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post">
    449449<?php if ( !isset($_GET['checkemail']) || !in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
    450450    <p>
Note: See TracChangeset for help on using the changeset viewer.