[wp-trac] [WordPress Trac] #16483: Visibility: password-protected exposes multiple pages

Thu Oct 27 17:58:01 UTC 2016

#16483: Visibility: password-protected exposes multiple pages
--------------------------------------------------+--------------------
 Reporter:  monkeyhouse                           |       Owner:
     Type:  defect (bug)                          |      Status:  new
 Priority:  normal                                |   Milestone:  4.7
Component:  Security                              |     Version:  3.0.4
 Severity:  normal                                |  Resolution:
 Keywords:  dev-feedback needs-testing has-patch  |     Focuses:
--------------------------------------------------+--------------------

Comment (by voldemortensen):

 Please ignore [attachment:16483.7.diff]. grunt-patch-wordpress did
 something I didn't expect.

 [attachment:16483.8.diff] adds a filter to the cookie name so that
 previous functionality can be restored.

 PoC mu-plugin to restore functionality:
 {{{#!php
 <?php
 function voldemortensen_reset_postpass_cookie_name($cookie) {
         return 'wp-postpass_' . COOKIEHASH;
 }
 add_filter('post_password_cookie',
 'voldemortensen_reset_postpass_cookie_name', 10, 3);
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16483#comment:26>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform