Opened 12 years ago
Closed 12 years ago
#22705 closed defect (bug) (fixed)
Admin cookies set to wrong path for main blog in a WP-in-subdir-sites-on-root install that uses subdomains
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 3.5 | Priority: | high |
Severity: | blocker | Version: | |
Component: | Administration | Keywords: | has-patch needs-testing commit |
Focuses: | Cc: |
Description
- Install WordPress in /wordpress/
- Move 'home' to /
- Convert it to Multisite, using subdomains.
- Complete the .htaccess/wp-config.php steps
- Go to /wordpress/wp-login.php
- Try to log in.
Failure. It'll give you wp-admin cookies for /wp-admin/ but redirect you to /wordpress/wp-admin/. You'll get kicked back to wp-login.php
Attachments (2)
Change History (12)
#2
in reply to:
↑ 1
;
follow-up:
↓ 5
@
12 years ago
Replying to nacin:
This breaks the network admin, looks like, which operates from the root.
If you have home != siteurl and update to WordPress, we designed it (in part at my urging to keep the feature to rewrites only) to keep the existing /wordpress/wp-admin/ URLs for the main site. But, this paradigm breaks the entire network admin, which forces itself to be $current_site->domain + $current_site->path.
I am not sure if these two things are reconcilable. We'd basically need to force a new login for the network admin.
The only alternative would be to relax the cookie security for these networks, down to what subdirectory installs already do. It isn't ideal, but it seems to work and is the least-impact change. (It also would only affect new networks.)
#4
@
12 years ago
That seems sanest at this point and shouldn't impede future improvements. Looks good.
#5
in reply to:
↑ 2
@
12 years ago
Replying to nacin:
We'd basically need to force a new login for the network admin.
The only alternative would be to relax the cookie security for these networks, down to what subdirectory installs already do. It isn't ideal, but it seems to work and is the least-impact change. (It also would only affect new networks.)
I agree with this. More generous cookie paths seem like a much better solution than multiple logins. I also don't think there's an actual security concern, other than the security-by-obscurity of a slightly different path.
Tested .2.diff and it works for me.
#6
follow-up:
↓ 7
@
12 years ago
The security concern is that we like to keep the admin cookies limited to wp-admin only. This means a vulnerability via the front-end of the site wouldn't necessarily result in any serious compromise.
But, we already relax those rules for subdirectory installs, so we're going to need to do it for this specific case of subdomain installs as well, for now. When we bring multiple-domain support into core, with that we'll need to do cross-site logins, which would mean we can again go back to having properly sequestered admin cookies for all types of sites.
#7
in reply to:
↑ 6
@
12 years ago
Replying to nacin:
we already relax those rules for subdirectory installs
This is what I was referring to. Maybe a better way to say it would have been that there are no new or unknown security concerns that we haven't already made a choice to accept in similar situations.
This breaks the network admin, looks like, which operates from the root.