WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#18137 closed defect (bug) (fixed)

wp_login_form() uses the incorrect scheme

Reported by: mdawaffe Owned by: nacin
Milestone: 3.2.2 Priority: normal
Severity: normal Version: 3.2.1
Component: General Keywords: has-patch
Focuses: Cc:

Description

wp_login_form() currently uses the 'login' auth scheme, which only serves HTTPS requests when force_ssl_admin() is set.

The correct scheme for the form is 'login_post', which serves HTTPS requests when either force_ssl_login() or force_ssl_admin is set.

Attached.

Attachments (1)

18137.diff (815 bytes) - added by mdawaffe 4 years ago.

Download all attachments as: .zip

Change History (4)

@mdawaffe4 years ago

comment:1 @nacin4 years ago

  • Milestone changed from Awaiting Review to 3.2.2

comment:2 @nacin4 years ago

In [18444]:

Use login_post context for wp_login_form action. props mdawaffe, see #18137 for trunk.

comment:3 @nacin4 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [18463]:

Use login_post context for wp_login_form action. props mdawaffe, fixes #18137. for the 3.2 branch.

Note: See TracTickets for help on using tickets.