Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#19798 closed defect (bug) (fixed)

Retire wp-pass.php

Reported by: ryan Owned by: ryan
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.3
Component: Security Keywords: has-patch
Focuses: Cc:


This could be handled as an action in wp-login.php, for example, rather than polluting the root directory. Wherever the destination, the POST should honor the login_post scheme for site_url().

Attachments (2)

19798.patch (2.5 KB) - added by SergeyBiryukov 4 years ago.
19798.2.patch (2.9 KB) - added by SergeyBiryukov 4 years ago.

Download all attachments as: .zip

Change History (5)

#1 @SergeyBiryukov
4 years ago

  • Keywords has-patch added

#2 @SergeyBiryukov
4 years ago

Refreshed to include the changes in [19728].

Related: #10253

#3 @ryan
4 years ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In [19925]:

Set post password cookies via an action in wp-login.php. Retire wp-pass.php (one less root file). Obey login ssl preferences for post password form submission. Props SergeyBiryukov. fixes #19798

Note: See TracTickets for help on using tickets.