Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#19798 closed defect (bug) (fixed)

Retire wp-pass.php

Reported by: ryan Owned by: ryan
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.3
Component: Security Keywords: has-patch
Focuses: Cc:


This could be handled as an action in wp-login.php, for example, rather than polluting the root directory. Wherever the destination, the POST should honor the login_post scheme for site_url().

Attachments (2)

19798.patch (2.5 KB) - added by SergeyBiryukov 3 years ago.
19798.2.patch (2.9 KB) - added by SergeyBiryukov 3 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 @SergeyBiryukov3 years ago

  • Keywords has-patch added

@SergeyBiryukov3 years ago

@SergeyBiryukov3 years ago

comment:2 @SergeyBiryukov3 years ago

Refreshed to include the changes in [19728].

Related: #10253

comment:3 @ryan3 years ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In [19925]:

Set post password cookies via an action in wp-login.php. Retire wp-pass.php (one less root file). Obey login ssl preferences for post password form submission. Props SergeyBiryukov. fixes #19798

Note: See TracTickets for help on using tickets.