[wp-trac] [WordPress Trac] #16822: FORCE_SSL_LOGIN causes wp-login.php to have an incorrect https link
WordPress Trac
wp-trac at lists.automattic.com
Thu Mar 10 16:21:25 UTC 2011
#16822: FORCE_SSL_LOGIN causes wp-login.php to have an incorrect https link
--------------------------+-----------------------------
Reporter: dbvista | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Keywords:
--------------------------+-----------------------------
In this bug, the WordPress logo on the login screen incorrectly links to
an https URL. It is easy to reproduce.
First, define('FORCE_SSL_LOGIN', true) in wp-config.php. Then make sure
you are logged out of WordPress. (Note: I am running multisite - I don't
know if this matters or not.)
1. Visit /wp-login.php. Fill in WRONG credentials (misspell your password)
and click the Submit button.
2. wp-login.php redisplays as expected, this time with an https URL.
3. The WordPress logo on the form now links to https://your.site.com. If
you click it, you are visiting your site over SSL.
This should not happen. The WordPress logo (and any other links on the
login page) should render http URLs.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16822>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list