[wp-trac] [WordPress Trac] #29641: Password protected posts not working - secure cookie flag
WordPress Trac
noreply at wordpress.org
Fri Sep 12 12:22:40 UTC 2014
#29641: Password protected posts not working - secure cookie flag
------------------------------------+-----------------------------
Reporter: bajro | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 4.0
Severity: normal | Keywords:
Focuses: |
------------------------------------+-----------------------------
Hello,
password protected posts no longer work on a http connection due to the
secure cookie flag. What do you think about the following solution:
{{{
Index: wp-login.php
===================================================================
--- wp-login.php (revision 545)
+++ wp-login.php (working copy)
@@ -469,7 +469,7 @@
* @param int $expires The expiry time, as passed to setcookie().
*/
$expire = apply_filters( 'post_password_expires', time() + 10 *
DAY_IN_SECONDS );
- $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
+ $secure = ( $secure_cookie ) ? ( 'https' === parse_url(
home_url(), PHP_URL_SCHEME ) ) : false;
setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword(
wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH,
COOKIE_DOMAIN, $secure );
wp_safe_redirect( wp_get_referer() );
}}}
Why force secure flag if user doesn't have SSL certificate?
BR,
--
Bajro
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29641>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list