WordPress.org

Make WordPress Core

Changeset 8701


Ignore:
Timestamp:
08/21/2008 05:40:38 PM (10 years ago)
Author:
ryan
Message:

Option to force SSL. see #7561

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/user.php

    r8646 r8701  
    7474        $user->rich_editing = 'false';
    7575
     76    $user->use_ssl = 0;
     77    if ( !empty($_POST['use_ssl']) )
     78        $user->use_ssl = 1;
     79
    7680    if ( !$update )
    7781        $user->admin_color = 'fresh';  // Default to fresh for new users.
  • trunk/wp-admin/user-edit.php

    r8656 r8701  
    100100$user_id = (int) $user_id;
    101101
    102 if ( !$user_id )
     102if ( !$user_id ) {
    103103    if ( $is_profile_page ) {
    104104        $current_user = wp_get_current_user();
     
    107107        wp_die(__('Invalid user ID.'));
    108108    }
     109}
     110
     111// Optional SSL preference that can be turned on by hooking to the 'personal_options' action
     112function use_ssl_preference($user) {
     113?>
     114    <tr>
     115        <th scope="row"><?php _e('Use https')?></th>
     116        <td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked('1', $user->use_ssl); ?> /> <?php _e('Always use https when visiting the admin'); ?></label></td>
     117    </tr>
     118<?php
     119}
    109120
    110121switch ($action) {
     
    130141$errors = edit_user($user_id);
    131142
    132 if( !is_wp_error( $errors ) ) {
     143if ( !is_wp_error( $errors ) ) {
    133144    $redirect = ($is_profile_page? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
    134145    $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
     
    141152
    142153if ( !current_user_can('edit_user', $user_id) )
    143         wp_die(__('You do not have permission to edit this user.'));
     154    wp_die(__('You do not have permission to edit this user.'));
    144155
    145156include ('admin-header.php');
     
    210221</fieldset></td>
    211222</tr>
    212 <?php endif; ?>
     223<?php
     224endif;
     225do_action('personal_options', $profileuser);
     226?>
    213227</table>
    214228<?php
    215     if ( $is_profile_page ) {
    216         do_action('profile_personal_options');
    217     }
     229    if ( $is_profile_page )
     230        do_action('profile_personal_options', $profileuser);
    218231?>
    219232
  • trunk/wp-includes/pluggable.php

    r8696 r8701  
    704704    }
    705705
    706     if ( wp_validate_auth_cookie() )
     706    if ( $user_id = wp_validate_auth_cookie() ) {
     707        // If the user wants ssl but the session is not ssl, redirect.
     708        if ( !$secure && get_user_option('use_ssl', $user_id) ) {
     709            if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
     710                wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
     711                exit();
     712            } else {
     713                wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
     714                exit();
     715            }
     716        }
     717
    707718        return;  // The cookie is good so we're done
     719    }
    708720
    709721    // The cookie is no good so force login
  • trunk/wp-includes/registration.php

    r7313 r8701  
    159159    $admin_color = preg_replace('|[^a-z0-9 _.\-@]|i', '', $admin_color);
    160160
     161    if ( empty($use_ssl) )
     162        $use_ssl = 0;
     163
    161164    if ( empty($user_registered) )
    162165        $user_registered = gmdate('Y-m-d H:i:s');
     
    182185    update_usermeta( $user_id, 'rich_editing', $rich_editing);
    183186    update_usermeta( $user_id, 'admin_color', $admin_color);
     187    update_usermeta( $user_id, 'use_ssl', $use_ssl);
    184188
    185189    if ( $update && isset($role) ) {
  • trunk/wp-login.php

    r8600 r8701  
    408408case 'login' :
    409409default:
    410     if ( isset( $_REQUEST['redirect_to'] ) )
     410    $secure_cookie = '';
     411
     412    // If the user wants ssl but the session is not ssl, force a secure cookie.
     413    if ( !empty($_POST['log']) && !force_ssl_admin() ) {
     414        $user_name = sanitize_user($_POST['log']);
     415        if ( $user = get_userdatabylogin($user_name) ) {
     416            if ( get_user_option('use_ssl', $user->ID) ) {
     417                $secure_cookie = true;
     418                force_ssl_admin(true);
     419            }
     420        }
     421    }
     422
     423    if ( isset( $_REQUEST['redirect_to'] ) ) {
    411424        $redirect_to = $_REQUEST['redirect_to'];
    412     else
     425        // Redirect to https if user wants ssl
     426        if ( $secure_cookie )
     427            $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
     428    } else {
    413429        $redirect_to = admin_url();
    414 
    415     if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
     430    }
     431
     432    if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
    416433        $secure_cookie = false;
    417     else
    418         $secure_cookie = '';
    419434
    420435    $user = wp_signon('', $secure_cookie);
Note: See TracChangeset for help on using the changeset viewer.