[wp-trac] [WordPress Trac] #11643: Invalid code in wp-login.php
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 8 19:07:03 UTC 2010
#11643: Invalid code in wp-login.php
--------------------------+-------------------------------------------------
Reporter: hakre | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: General | Version: 2.9
Severity: normal | Keywords: has-patch needs-testing
--------------------------+-------------------------------------------------
Comment(by ryan):
Replying to [comment:3 hakre]:
> If I put testing there it at least means that the code was executed with
> the patch applied.

That makes the tested keyword pretty much useless.

What that line is saying is that if the user was redirected to an ssl
login page from a non ssl admin link and that secure login is required but
secure admin is not, then don't require a secure cookie. This way the user
can POST their login creds over https but not be forced to visit the admin
via https. Yes, some people want this. You can do this in gmail too, for
example. Also, there is a difference between $secure_cookie = false and
$secure_cookie = ''.

From what I see, the code does what is intended and removing that line
breaks a currently supported scenario that is widely used on
wordpress.com, for one.

A comment describing all of that is much needed though, as the code is
impenetrable. I'll add something.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11643#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
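
The decision described in the comment above, sketched as an added example (not the code from wp-login.php or from the patch on this ticket). The function names and URLs are hypothetical, and the fallback of an undecided '' to the scheme of the current request is an assumption about how the sign-on code treats that value.

```php
<?php
// Added illustration; function names and sample URLs are hypothetical.

// $secure_cookie is tri-state: '' = undecided, true/false = explicit.
function decide_secure_cookie($secure_cookie, bool $request_is_ssl,
        bool $force_ssl_login, bool $force_ssl_admin, string $redirect_to)
{
    $scheme = strtolower((string) parse_url($redirect_to, PHP_URL_SCHEME));
    // Form is on https only because secure login is forced, and the user
    // is headed back to a plain-http admin page.
    if (!$secure_cookie && $request_is_ssl && $force_ssl_login
            && !$force_ssl_admin && $scheme === 'http') {
        return false; // explicit "no Secure attribute"
    }
    return $secure_cookie; // left as given, possibly still ''
}

// Assumption: an undecided '' later falls back to the current request's scheme.
function resolve_cookie_flag($secure_cookie, bool $request_is_ssl): bool
{
    return $secure_cookie === '' ? $request_is_ssl : (bool) $secure_cookie;
}

// Constructed scenarios: [label, is_ssl, force_login, force_admin, redirect_to]
$cases = [
    ['ssl login, http admin', true,  true,  false, 'http://blog.example/wp-admin/'],
    ['ssl login, ssl admin',  true,  true,  true,  'https://blog.example/wp-admin/'],
    ['no ssl at all',         false, false, false, 'http://blog.example/wp-admin/'],
];

foreach ($cases as [$label, $ssl, $login, $admin, $to]) {
    $decided = decide_secure_cookie('', $ssl, $login, $admin, $to);
    $with    = resolve_cookie_flag($decided, $ssl);
    $without = resolve_cookie_flag('', $ssl); // as if the line were removed
    printf("%-22s decided=%-5s Secure=%-5s without-line=%s\n", $label,
        var_export($decided, true), var_export($with, true),
        var_export($without, true));
}
```

In the first scenario the undecided value would resolve to a Secure cookie because the login form itself is served over https, and the browser would then withhold that cookie from the plain-http admin page. With the explicit false the cookie is issued without the Secure attribute, so only the credential POST is protected by TLS and the auth cookie travels over http on later admin requests.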