Changeset 8701


Timestamp:
08/21/08 17:40:38 (6 years ago)
Author:
ryan
Message:

Option to force SSL. see #7561

Location:
trunk
Files:
5 edited

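--- a/trunk/wp-admin/includes/user.php
+++ b/trunk/wp-admin/includes/user.php
@@ -74,4 +74,8 @@
         $user->rich_editing = 'false';
 
+    $user->use_ssl = 0;
+    if ( !empty($_POST['use_ssl']) )
+        $user->use_ssl = 1;
+
     if ( !$update )
         $user->admin_color = 'fresh';  // Default to fresh for new users.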
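Review bot: The added `$user->use_ssl = 0;` clears the preference on every save whose POST lacks `use_ssl`, and the checkbox is only rendered when something hooks `personal_options` (per the comment added in user-edit.php), so a profile update from a form without that row silently switches a user's https preference off. Consider writing the field only when the form actually offered it, or at least document the behaviour with a comment such as `// Unchecked boxes are not submitted, so absence means "off"; a form that omits the checkbox resets this.` The enclosing function starts and ends outside this hunk, so whether an earlier value is carried over elsewhere cannot be seen here.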
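--- a/trunk/wp-admin/user-edit.php
+++ b/trunk/wp-admin/user-edit.php
@@ -100,5 +100,5 @@
 $user_id = (int) $user_id;
 
-if ( !$user_id )
+if ( !$user_id ) {
     if ( $is_profile_page ) {
         $current_user = wp_get_current_user();
@@ -107,4 +107,15 @@
         wp_die(__('Invalid user ID.'));
     }
+}
+
+// Optional SSL preference that can be turned on by hooking to the 'personal_options' action 
+function use_ssl_preference($user) {
+?>
+    <tr>
+        <th scope="row"><?php _e('Use https')?></th>
+        <td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked('1', $user->use_ssl); ?> /> <?php _e('Always use https when visiting the admin'); ?></label></td>
+    </tr>
+<?php
+}
 
 switch ($action) {
@@ -130,5 +141,5 @@
 $errors = edit_user($user_id);
 
-if( !is_wp_error( $errors ) ) {
+if ( !is_wp_error( $errors ) ) {
     $redirect = ($is_profile_page? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
     $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
@@ -141,5 +152,5 @@
 
 if ( !current_user_can('edit_user', $user_id) )
-        wp_die(__('You do not have permission to edit this user.'));
+    wp_die(__('You do not have permission to edit this user.'));
 
 include ('admin-header.php');
@@ -210,10 +221,12 @@
 </fieldset></td>
 </tr>
-<?php endif; ?>
+<?php
+endif;
+do_action('personal_options', $profileuser);
+?>
 </table>
 <?php
-    if ( $is_profile_page ) {
-        do_action('profile_personal_options');
-    }
+    if ( $is_profile_page )
+        do_action('profile_personal_options', $profileuser);
 ?>
 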
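Review bot: `use_ssl_preference()` is declared in the page script with only a one-line comment, so a plugin author has to read three files of this changeset to learn what ticking the box does. A docblock should say that `$user` is the object passed by `do_action('personal_options', $profileuser)`, that the checkbox posts `use_ssl=1` which is saved as a 0/1 user option, and that the option only triggers a redirect to https once the auth cookie has already validated. It should also state that this is a per-user opt-in rather than site-wide enforcement, and that the function exists only while user-edit.php is loaded.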
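--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -704,6 +704,18 @@
     }
 
-    if ( wp_validate_auth_cookie() )
+    if ( $user_id = wp_validate_auth_cookie() ) {
+        // If the user wants ssl but the session is not ssl, redirect.
+        if ( !$secure && get_user_option('use_ssl', $user_id) ) {
+            if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
+                wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
+                exit();
+            } else {
+                wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+                exit();
+            }
+        }
+
         return;  // The cookie is good so we're done
+    }
 
     // The cookie is no good so force login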
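Review bot: The fallback redirect on new line 713 builds its target from `$_SERVER['HTTP_HOST']`, which comes from the request's Host header, so the https redirect for an authenticated user points at whatever host the request named. Taking the host from the configured site address is safer, e.g. `$site = parse_url(get_option('siteurl'));` followed by `wp_redirect('https://' . $site['host'] . $_SERVER['REQUEST_URI']);` (adjust if the site URL carries a port). Separately, the `0 === strpos($_SERVER['REQUEST_URI'], 'http')` branch also matches a URI that already begins with `https://`, where the `preg_replace` is a no-op and the redirect points back at the same URL. The enclosing function begins and ends outside the hunk, so how `$secure` is derived is not visible here.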
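--- a/trunk/wp-includes/registration.php
+++ b/trunk/wp-includes/registration.php
@@ -159,4 +159,7 @@
     $admin_color = preg_replace('|[^a-z0-9 _.\-@]|i', '', $admin_color);
 
+    if ( empty($use_ssl) )
+        $use_ssl = 0;
+
     if ( empty($user_registered) )
         $user_registered = gmdate('Y-m-d H:i:s');
@@ -182,4 +185,5 @@
     update_usermeta( $user_id, 'rich_editing', $rich_editing);
     update_usermeta( $user_id, 'admin_color', $admin_color);
+    update_usermeta( $user_id, 'use_ssl', $use_ssl);
 
     if ( $update && isset($role) ) {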
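Review bot: `$use_ssl` is written to usermeta exactly as supplied whenever it is non-empty; only the empty case is normalised, unlike `$admin_color` just above, which is filtered before storage. The readers in this changeset use it as a boolean flag (`get_user_option('use_ssl', ...)` in a truth test), so collapsing it to 0/1 keeps stored values predictable: `$use_ssl = empty($use_ssl) ? 0 : 1;`. Where `$use_ssl` is populated lies outside the hunk, so confirm that no caller relies on other values.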
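--- a/trunk/wp-login.php
+++ b/trunk/wp-login.php
@@ -408,13 +408,28 @@
 case 'login' :
 default:
-    if ( isset( $_REQUEST['redirect_to'] ) )
+    $secure_cookie = '';
+
+    // If the user wants ssl but the session is not ssl, force a secure cookie.
+    if ( !empty($_POST['log']) && !force_ssl_admin() ) {
+        $user_name = sanitize_user($_POST['log']);
+        if ( $user = get_userdatabylogin($user_name) ) {
+            if ( get_user_option('use_ssl', $user->ID) ) {
+                $secure_cookie = true;
+                force_ssl_admin(true);
+            }
+        }
+    }
+
+    if ( isset( $_REQUEST['redirect_to'] ) ) {
         $redirect_to = $_REQUEST['redirect_to'];
-    else
+        // Redirect to https if user wants ssl
+        if ( $secure_cookie )
+            $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
+    } else {
         $redirect_to = admin_url();
-
-    if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
+    }
+
+    if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
         $secure_cookie = false;
-    else
-        $secure_cookie = '';
 
     $user = wp_signon('', $secure_cookie);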
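Review bot: The preference is looked up from `$_POST['log']` while the login POST is being handled, so by the time `$secure_cookie = true` is set the username and password have already travelled over whatever scheme the form was submitted on; the change protects the cookie and the post-login redirect, not the credentials. The new block deserves a comment saying so, e.g. `// Only the cookie and redirect are upgraded here; the login POST itself is protected only if the form was served over https (see force_ssl_login()).` Also, `preg_replace('|^http://|', 'https://', $redirect_to)` is case-sensitive, so a `redirect_to` beginning with `HTTP://` stays on plain http; `'|^http://|i'` covers that. The `case` body continues outside the hunk, so any later validation of `$redirect_to` is not visible here.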