Make WordPress Core

Opened 10 years ago

Closed 8 years ago

#2055 closed enhancement (wontfix)

No way to "sign out" from password-protected posts/pages

Reported by: skeltoac Owned by: pishmishy
Milestone: Priority: normal
Severity: minor Version: 2.0
Component: Security Keywords: password cookie has-patch
Focuses: Cc:


The postpassword cookie survives the logout process. Logout would be one good time to clear those cookies.

You don't have to be logged in to enter a password, so there needs to be an additional way to log out of password-protected posts and pages.

Attachments (3)

2055.diff (1.2 KB) - added by Shindakun 10 years ago.
2055 diff
2055-postpassword.patch (1.5 KB) - added by pishmishy 8 years ago.
pluggable.php (19.5 KB) - added by sukram 8 years ago.
Uploaded the wrong data, now it works, sorry

Download all attachments as: .zip

Change History (15)

#1 @matt
10 years ago

  • Milestone changed from 2.0 to 2.1

10 years ago

2055 diff

#2 @Shindakun
10 years ago

My "fix" for the problem - try it out. It seems to work fine.

#3 @matt
9 years ago

  • Milestone changed from 2.1 to 2.2

#4 @foolswisdom
9 years ago

  • Milestone changed from 2.2 to 2.3

#5 @pishmishy
8 years ago

  • Owner changed from anonymous to pishmishy
  • Status changed from new to assigned

#6 @pishmishy
8 years ago

I'm not sure about this bug but I don't think your patch is the way to do things. As you say, a user doesn't have to be logged in to enter a password. That means they might not even have the option to use the logout button. The following patch adds a clear_password_link() function that could be used in a template but I'm not that sure if this is the desirable way to handle this.

#7 @pishmishy
8 years ago

  • Keywords has_patch added
  • Type changed from defect to enhancement

#8 @pishmishy
8 years ago

  • Keywords has-patch added; has_patch removed

#9 @ryan
8 years ago

  • Milestone changed from 2.3 to 2.4 (next)

8 years ago

Uploaded the wrong data, now it works, sorry

#10 @sukram
8 years ago

To see the uploaded pluggable.php working you first have to delete your cookies. It fixed the Problem on Subdomains for me.

#11 @pishmishy
8 years ago

  • Milestone changed from 2.5 to 2.6

Bumping milestone for feature freeze.

#12 @pishmishy
8 years ago

  • Milestone 2.6 deleted
  • Resolution set to wontfix
  • Status changed from assigned to closed
  • There's been no move to include this in trunk despite patches being available.
  • I don't really see it as a security bug, more of a feature
  • From the lack of traffic on this ticket there doesn't appear to be much call for this feature.

I'm going to close this one as WONTFIX, sorry.

Note: See TracTickets for help on using tickets.