[wp-trac] [WordPress Trac] #29156: $rp_path does not respect SITECOOKIEPATH/COOKIEPATH
WordPress Trac
noreply at wordpress.org
Fri Aug 8 20:55:48 UTC 2014
#29156: $rp_path does not respect SITECOOKIEPATH/COOKIEPATH
------------------------------------+-----------------------------
Reporter: WALoeIII | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: trunk
Severity: normal | Keywords:
Focuses: |
------------------------------------+-----------------------------
In wp-login.php
The wp-resetpass- cookie is set if a user hits with a key. This value is
then transitioned to a cookie written with a path.
{{{#!php
list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true
);
}}}
In my installation with siteurl and home set to www.mydomain.com/blog this
results in a cookie with a path of /wp-login.php instead of /blog/wp-
login.php, as a result the user can never reset their password.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29156>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list