Login and Registration: Avoid a potentially incorrect value for the cookie hash on multisite installations that don't have a value in the `siteurl` network option.

This reverts [38619].

See #34084, #39497

Merges [40320] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40321 602fd350-edb4-49c9-b593-d223f7449a82
John Blackbourn 2017-03-23 19:02:23 +00:00
parent 4eb0dcc64d
commit 8b23276a6a
2 changed files with 2 additions and 16 deletions


@ -334,6 +334,7 @@ switch($step) {
$scripts_to_print[] = 'user-profile'; $scripts_to_print[] = 'user-profile';
display_header();
// Fill in the data we gathered // Fill in the data we gathered
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : ''; $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : ''; $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
@ -346,26 +347,21 @@ switch($step) {
$error = false; $error = false;
if ( empty( $user_name ) ) { if ( empty( $user_name ) ) {
// TODO: poka-yoke // TODO: poka-yoke
display_header();
display_setup_form( __( 'Please provide a valid username.' ) ); display_setup_form( __( 'Please provide a valid username.' ) );
$error = true; $error = true;
} elseif ( $user_name != sanitize_user( $user_name, true ) ) { } elseif ( $user_name != sanitize_user( $user_name, true ) ) {
display_header();
display_setup_form( __( 'The username you provided has invalid characters.' ) ); display_setup_form( __( 'The username you provided has invalid characters.' ) );
$error = true; $error = true;
} elseif ( $admin_password != $admin_password_check ) { } elseif ( $admin_password != $admin_password_check ) {
// TODO: poka-yoke // TODO: poka-yoke
display_header();
display_setup_form( __( 'Your passwords do not match. Please try again.' ) ); display_setup_form( __( 'Your passwords do not match. Please try again.' ) );
$error = true; $error = true;
} elseif ( empty( $admin_email ) ) { } elseif ( empty( $admin_email ) ) {
// TODO: poka-yoke // TODO: poka-yoke
display_header();
display_setup_form( __( 'You must provide an email address.' ) ); display_setup_form( __( 'You must provide an email address.' ) );
$error = true; $error = true;
} elseif ( ! is_email( $admin_email ) ) { } elseif ( ! is_email( $admin_email ) ) {
// TODO: poka-yoke // TODO: poka-yoke
display_header();
display_setup_form( __( 'Sorry, that isn&#8217;t a valid email address. Email addresses look like <code>username@example.com</code>.' ) ); display_setup_form( __( 'Sorry, that isn&#8217;t a valid email address. Email addresses look like <code>username@example.com</code>.' ) );
$error = true; $error = true;
} }
@ -373,16 +369,6 @@ switch($step) {
if ( $error === false ) { if ( $error === false ) {
$wpdb->show_errors(); $wpdb->show_errors();
$result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language ); $result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );
// Log the user in and send them to wp-admin:
if ( ! headers_sent() ) {
wp_set_auth_cookie( $result['user_id'], true, is_ssl() );
wp_redirect( admin_url() );
exit;
}
// If headers have already been sent, fall back to a "Success!" message:
display_header();
?> ?>
<h1><?php _e( 'Success!' ); ?></h1> <h1><?php _e( 'Success!' ); ?></h1>
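Review bot: The password confirmation check `} elseif ( $admin_password != $admin_password_check ) {` uses PHP's loose comparison, so two different numeric-looking strings (for example `0e1` and `0e2`, constructed values) compare equal and a mistyped confirmation passes unnoticed. Assuming both variables are strings taken from `$_POST` (their assignments are outside the visible hunks), the strict form `} elseif ( $admin_password !== $admin_password_check ) {` is the safer check. The same applies to `$user_name != sanitize_user( $user_name, true )` a few lines up. These are context lines that this revert leaves untouched, and the enclosing `switch($step)` case starts and ends outside the hunks.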


@ -205,7 +205,7 @@ function wp_cookie_constants() {
if ( $siteurl ) if ( $siteurl )
define( 'COOKIEHASH', md5( $siteurl ) ); define( 'COOKIEHASH', md5( $siteurl ) );
else else
define( 'COOKIEHASH', md5( wp_guess_url() ) ); define( 'COOKIEHASH', '' );
} }
/** /**
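Review bot: The `else` branch now defines `COOKIEHASH` as an empty string with no comment saying why, which is easy to mistake for a bug given that the other branch uses `md5( $siteurl )`. If cookie names are built by appending this constant (that code is outside the hunk), they lose their per-site suffix whenever the `siteurl` network option is empty, so installs sharing a cookie domain could end up with the same cookie names. Suggest a comment above the define such as `// No siteurl network option: use an empty hash instead of deriving one from a guessed URL.`, plus a short note that the md5 here only makes names unique and is not a secret. `wp_cookie_constants()` begins and ends outside the hunk.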