WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#40060 new defect (bug)

Defining ADMIN_COOKIE_PATH causes unreachable /wp-login.php

Reported by: esemlabel Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.7.3
Component: Users Keywords:
Focuses: Cc:
PR Number:

Description

If a user is logged in and tries to open the /wp-login.php page, they can never do so if ADMIN_COOKIE_PATH is set to root '/' (equal to COOKIEPATH). Instead, a redirect to /wp-admin/ will occur. Moreover, many functions will run twice during page load.

In a long chain of functions, the last one is wp_parse_auth_cookie(), which returns false to the many functions it is called from, which causes a "true" check in wp-login.php on line 814, where the unneeded redirect happens.

<?php
if ( !is_wp_error($user) && !$reauth ) {
...
wp_redirect( $redirect_to );
exit();

In the regular situation, wp_parse_auth_cookie() returns "false" when checking the auth cookie on wp-login.php from path '/', because the existing one is for the /wp-admin path. So wp-login.php loads normally.

<?php
if ( empty($_COOKIE[$cookie_name]) )
        return false;

But if ADMIN_COOKIE_PATH is defined with a value that does not differ from COOKIEPATH or SITECOOKIEPATH, it returns "true" and redirects to /wp-admin/ forever.

Any ideas to solve this?

Change History (2)

#1 @esemlabel
3 years ago

Is there ever a need for the main cookie path to differ from the admin path while the cookie names and their values are completely identical?

#2 @esemlabel
3 years ago

Temporary fix.

<?php
add_action( 'login_init', 'deal_with_ADMIN_COOKIE_PATH' );
function deal_with_ADMIN_COOKIE_PATH() {
    if ( ( isset( $_COOKIE[AUTH_COOKIE] ) || isset( $_COOKIE[SECURE_AUTH_COOKIE] ) ) && ADMIN_COOKIE_PATH == COOKIEPATH ) {
        unset( $_COOKIE[ isset( $_COOKIE[AUTH_COOKIE] ) ? AUTH_COOKIE : SECURE_AUTH_COOKIE ] );
    }
}
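
The cookie scoping behind this report, as an added example that is not part of the ticket or of WordPress core: it implements the RFC 6265 path-match rule a browser applies and runs it against the two ADMIN_COOKIE_PATH values discussed above. The cookie names, the `/wp-admin` default for a root install, and the `loginPageOutcome` model of wp-login.php are assumptions made for illustration.

```javascript
// Added example: RFC 6265 section 5.1.4 path-match, applied to the cookie
// paths discussed in this ticket. Cookie names and paths are constructed.

// True when a cookie scoped to cookiePath is sent with a request for requestPath.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix match counts only on a "/" boundary, so "/wp-admin" does not
  // match "/wp-administrator".
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Names of the cookies in the jar that the browser attaches to requestPath.
function cookiesSent(jar, requestPath) {
  return jar.filter(c => pathMatches(requestPath, c.path)).map(c => c.name);
}

// Simplified model (assumption) of the behaviour the reporter describes:
// wp-login.php redirects to /wp-admin/ when an auth cookie arrives with the request.
function loginPageOutcome(adminCookiePath) {
  const jar = [
    { name: 'auth', path: adminCookiePath }, // stands in for AUTH_COOKIE
    { name: 'logged_in', path: '/' },        // stands in for the cookie set at COOKIEPATH
  ];
  const sent = cookiesSent(jar, '/wp-login.php');
  return sent.includes('auth') ? 'redirect to /wp-admin/' : 'login form';
}

// Assumed default for a root install: auth cookie scoped to /wp-admin.
console.log('/wp-admin ->', loginPageOutcome('/wp-admin'));
// The configuration from this ticket: auth cookie scoped to the site root.
console.log('/         ->', loginPageOutcome('/'));
```

With the path widened to `/`, the same auth cookie is also attached to every front-end request, not only to /wp-login.php.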