WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 6 years ago

#2055 closed enhancement (wontfix)

No way to "sign out" from password-protected posts/pages

Reported by: skeltoac Owned by: pishmishy
Milestone: Priority: normal
Severity: minor Version: 2.0
Component: Security Keywords: password cookie has-patch
Focuses: Cc:

Description

The postpassword cookie survives the logout process. Logout would be one good time to clear those cookies.

You don't have to be logged in to enter a password, so there needs to be an additional way to log out of password-protected posts and pages.

Attachments (3)

2055.diff (1.2 KB) - added by Shindakun 8 years ago.
2055 diff
2055-postpassword.patch (1.5 KB) - added by pishmishy 7 years ago.
pluggable.php (19.5 KB) - added by sukram 7 years ago.
Uploaded the wrong data, now it works, sorry

Download all attachments as: .zip

Change History (15)

comment:1 matt8 years ago

  • Milestone changed from 2.0 to 2.1

Shindakun8 years ago

2055 diff

comment:2 Shindakun8 years ago

My "fix" for the problem - try it out. It seems to work fine.

comment:3 matt7 years ago

  • Milestone changed from 2.1 to 2.2

comment:4 foolswisdom7 years ago

  • Milestone changed from 2.2 to 2.3

comment:5 pishmishy7 years ago

  • Owner changed from anonymous to pishmishy
  • Status changed from new to assigned

comment:6 pishmishy7 years ago

I'm not sure about this bug but I don't think your patch is the way to do things. As you say, a user doesn't have to be logged in to enter a password. That means they might not even have the option to use the logout button. The following patch adds a clear_password_link() function that could be used in a template but I'm not that sure if this is the desirable way to handle this.

comment:7 pishmishy7 years ago

  • Keywords has_patch added
  • Type changed from defect to enhancement

comment:8 pishmishy7 years ago

  • Keywords has-patch added; has_patch removed

comment:9 ryan7 years ago

  • Milestone changed from 2.3 to 2.4 (next)

sukram7 years ago

Uploaded the wrong data, now it works, sorry

comment:10 sukram7 years ago

To see the uploaded pluggable.php working you first have to delete your cookies. It fixed the Problem on Subdomains for me.

comment:11 pishmishy6 years ago

  • Milestone changed from 2.5 to 2.6

Bumping milestone for feature freeze.

comment:12 pishmishy6 years ago

  • Milestone 2.6 deleted
  • Resolution set to wontfix
  • Status changed from assigned to closed
  • There's been no move to include this in trunk despite patches being available.
  • I don't really see it as a security bug, more of a feature
  • From the lack of traffic on this ticket there doesn't appear to be much call for this feature.

I'm going to close this one as WONTFIX, sorry.

Note: See TracTickets for help on using tickets.