Changeset 8197

Timestamp:
06/26/08 16:40:04 (2 months ago)
Author:
ryan
Message:

Only use SSL for login POST links if SSL logins are forced. Clear old cookies. see #7001

Files:

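--- a/trunk/wp-includes/link-template.php
+++ b/trunk/wp-includes/link-template.php
@@ -782,5 +782,7 @@
     // should the list of allowed schemes be maintained elsewhere?
     if ( !in_array($scheme, array('http', 'https')) ) {
-        if ( ('login' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
+        if ( ('login_post' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
+            $scheme = 'https';
+        elseif ( ('login' == $scheme) && ( force_ssl_admin() ) )
             $scheme = 'https';
         elseif ( ('admin' == $scheme) && force_ssl_admin() )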
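Review bot: After this change the `'login'` scheme is upgraded to https only when `force_ssl_admin()` is on, so with `force_ssl_login()` alone only the `'login_post'` form target is forced to https, and the page that carries the form is presumably still generated as http by the branches that continue below this hunk. That protects the credentials only if the form page itself arrives unmodified, because anything able to alter the http response could change the form's `action`. The trade-off deserves a comment above the chain, e.g. `// 'login_post' secures the form target only; the login page itself is not forced to https unless force_ssl_admin()`. The two new comparisons also use `==`; `'login_post' === $scheme` would avoid PHP's loose type juggling if a non-string scheme is ever passed.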
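--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -611,4 +611,8 @@
     setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
     setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
+    setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
+    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
     setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
     setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);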
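Review bot: The four added `setcookie()` calls differ from the existing ones only in the path argument, and nothing in the code says why the auth cookies are expired at `COOKIEPATH` and `SITECOOKIEPATH` as well as under `wp-admin`. The commit message calls these old cookies, so a comment such as `// Old cookies: expire auth cookies that earlier releases presumably set at the root path` would keep them from being removed later as duplicates. These calls also only ask the browser to discard the cookie; whether a copied cookie value stops being accepted server-side after logout is not visible in this hunk and is worth confirming. The enclosing function begins and ends outside the hunk.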
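--- a/trunk/wp-login.php
+++ b/trunk/wp-login.php
@@ -13,5 +13,5 @@
 
 // Redirect to https login if forced to use SSL
-if ( (force_ssl_admin() || force_ssl_login()) && !is_ssl() ) {
+if ( force_ssl_admin() && !is_ssl() ) {
     if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
         wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
@@ -313,5 +313,5 @@
 ?>
 
-<form name="lostpasswordform" id="lostpasswordform" action="wp-login.php?action=lostpassword" method="post">
+<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
     <p>
         <label><?php _e('Username or E-mail:') ?><br />
@@ -377,5 +377,5 @@
 ?>
 
-<form name="registerform" id="registerform" action="wp-login.php?action=register" method="post">
+<form name="registerform" id="registerform" action="<?php echo siteu_url('wp-login.php?action=register', 'login_post') ?>" method="post">
     <p>
         <label><?php _e('Username') ?><br />
@@ -410,5 +410,5 @@
         $redirect_to = $_REQUEST['redirect_to'];
     else
-        $redirect_to = 'wp-admin/'
+        $redirect_to = admin_url()
 
     if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
@@ -446,5 +446,5 @@
 ?>
 
-<form name="loginform" id="loginform" action="wp-login.php" method="post">
+<form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post">
 <?php if ( !isset($_GET['checkemail']) || !in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
     <p>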
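Review bot: The registration form's new `action` calls `siteu_url(...)`, which looks like a typo for `site_url` (the lostpassword and login forms in this same file use `site_url`) and would presumably stop the registration page with an undefined-function error. The line should read `<form name="registerform" id="registerform" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" method="post">`. Separately, all three forms echo the generated URL straight into an attribute; that is safe only while `site_url()` can never return a value containing quotes, so escaping for attribute context at the point of output would be the more defensive habit.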