Make WordPress Core

Opened 19 years ago

Closed 17 years ago

#2055 closed enhancement (wontfix)

No way to "sign out" from password-protected posts/pages

Reported by: skeltoac's profile skeltoac Owned by: pishmishy's profile pishmishy
Milestone: Priority: normal
Severity: minor Version: 2.0
Component: Security Keywords: password cookie has-patch
Focuses: Cc:

Description

The postpassword cookie survives the logout process. Logout would be one good time to clear those cookies.

You don't have to be logged in to enter a password, so there needs to be an additional way to log out of password-protected posts and pages.

Attachments (3)

2055.diff (1.2 KB) - added by Shindakun 19 years ago.
2055 diff
2055-postpassword.patch (1.5 KB) - added by pishmishy 18 years ago.
pluggable.php (19.5 KB) - added by sukram 17 years ago.
Uploaded the wrong data, now it works, sorry

Download all attachments as: .zip

Change History (15)

#1 @matt
19 years ago

  • Milestone changed from 2.0 to 2.1

@Shindakun
19 years ago

2055 diff

#2 @Shindakun
19 years ago

My "fix" for the problem - try it out. It seems to work fine.

#3 @matt
18 years ago

  • Milestone changed from 2.1 to 2.2

#4 @foolswisdom
18 years ago

  • Milestone changed from 2.2 to 2.3

#5 @pishmishy
18 years ago

  • Owner changed from anonymous to pishmishy
  • Status changed from new to assigned

#6 @pishmishy
18 years ago

I'm not sure about this bug but I don't think your patch is the way to do things. As you say, a user doesn't have to be logged in to enter a password. That means they might not even have the option to use the logout button. The following patch adds a clear_password_link() function that could be used in a template but I'm not that sure if this is the desirable way to handle this.

#7 @pishmishy
18 years ago

  • Keywords has_patch added
  • Type changed from defect to enhancement

#8 @pishmishy
18 years ago

  • Keywords has-patch added; has_patch removed

#9 @ryan
17 years ago

  • Milestone changed from 2.3 to 2.4 (next)

@sukram
17 years ago

Uploaded the wrong data, now it works, sorry

#10 @sukram
17 years ago

To see the uploaded pluggable.php working you first have to delete your cookies. It fixed the Problem on Subdomains for me.

#11 @pishmishy
17 years ago

  • Milestone changed from 2.5 to 2.6

Bumping milestone for feature freeze.

#12 @pishmishy
17 years ago

  • Milestone 2.6 deleted
  • Resolution set to wontfix
  • Status changed from assigned to closed
  • There's been no move to include this in trunk despite patches being available.
  • I don't really see it as a security bug, more of a feature
  • From the lack of traffic on this ticket there doesn't appear to be much call for this feature.

I'm going to close this one as WONTFIX, sorry.

Note: See TracTickets for help on using tickets.