Forcing SSL logins now forces SSL for the entire admin, with no middle ground.
fixes #10267. git-svn-id: https://develop.svn.wordpress.org/trunk@28609 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin
parent
06c142a1a5
commit
961459ee31
|
|
@ -247,16 +247,17 @@ function wp_ssl_constants() {
|
|||
/**
|
||||
* @since 2.6.0
|
||||
*/
|
||||
if ( !defined('FORCE_SSL_ADMIN') )
|
||||
define('FORCE_SSL_ADMIN', false);
|
||||
force_ssl_admin(FORCE_SSL_ADMIN);
|
||||
if ( !defined( 'FORCE_SSL_ADMIN' ) )
|
||||
define( 'FORCE_SSL_ADMIN', false );
|
||||
force_ssl_admin( FORCE_SSL_ADMIN );
|
||||
|
||||
/**
|
||||
* @since 2.6.0
|
||||
* @deprecated 4.0.0
|
||||
*/
|
||||
if ( !defined('FORCE_SSL_LOGIN') )
|
||||
define('FORCE_SSL_LOGIN', false);
|
||||
force_ssl_login(FORCE_SSL_LOGIN);
|
||||
if ( defined( 'FORCE_SSL_LOGIN' ) && FORCE_SSL_LOGIN ) {
|
||||
force_ssl_admin( true );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -3387,15 +3387,7 @@ function is_ssl() {
|
|||
* @return bool True if forced, false if not forced.
|
||||
*/
|
||||
function force_ssl_login( $force = null ) {
|
||||
static $forced = false;
|
||||
|
||||
if ( !is_null( $force ) ) {
|
||||
$old_forced = $forced;
|
||||
$forced = $force;
|
||||
return $old_forced;
|
||||
}
|
||||
|
||||
return $forced;
|
||||
return force_ssl_admin( $force );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -4305,9 +4297,6 @@ function wp_auth_check_html() {
|
|||
$current_domain = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'];
|
||||
$same_domain = ( strpos( $login_url, $current_domain ) === 0 );
|
||||
|
||||
if ( $same_domain && force_ssl_login() && ! force_ssl_admin() )
|
||||
$same_domain = false;
|
||||
|
||||
/**
|
||||
* Filter whether the authentication check originated at the same domain.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -2845,15 +2845,13 @@ function self_admin_url($path = '', $scheme = 'admin') {
|
|||
*/
|
||||
function set_url_scheme( $url, $scheme = null ) {
|
||||
$orig_scheme = $scheme;
|
||||
if ( ! in_array( $scheme, array( 'http', 'https', 'relative' ) ) ) {
|
||||
if ( ( 'login_post' == $scheme || 'rpc' == $scheme ) && ( force_ssl_login() || force_ssl_admin() ) )
|
||||
$scheme = 'https';
|
||||
elseif ( ( 'login' == $scheme ) && force_ssl_admin() )
|
||||
$scheme = 'https';
|
||||
elseif ( ( 'admin' == $scheme ) && force_ssl_admin() )
|
||||
$scheme = 'https';
|
||||
else
|
||||
$scheme = ( is_ssl() ? 'https' : 'http' );
|
||||
|
||||
if ( ! $scheme ) {
|
||||
$scheme = is_ssl() ? 'https' : 'http';
|
||||
} elseif ( $scheme === 'admin' || $scheme === 'login' || $scheme === 'login_post' || $scheme === 'rpc' ) {
|
||||
$scheme = is_ssl() || force_ssl_admin() ? 'https' : 'http';
|
||||
} elseif ( $scheme !== 'http' && $scheme !== 'https' && $scheme !== 'relative' ) {
|
||||
$scheme = is_ssl() ? 'https' : 'http';
|
||||
}
|
||||
|
||||
$url = trim( $url );
|
||||
|
|
|
|||
|
|
@ -741,12 +741,6 @@ default:
|
|||
|
||||
$reauth = empty($_REQUEST['reauth']) ? false : true;
|
||||
|
||||
// If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
|
||||
// cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
|
||||
// the admin via http or https.
|
||||
if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
|
||||
$secure_cookie = false;
|
||||
|
||||
$user = wp_signon( '', $secure_cookie );
|
||||
|
||||
if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
|
||||
// tests for link-template.php and related URL functions
|
||||
/**
|
||||
* @group url
|
||||
*/
|
||||
class Tests_URL extends WP_UnitTestCase {
|
||||
var $_old_server;
|
||||
function setUp() {
|
||||
|
|
@ -264,9 +267,9 @@ class Tests_URL extends WP_UnitTestCase {
|
|||
$this->assertEquals( $http_links[ $i ], set_url_scheme( $link, 'rpc' ) );
|
||||
|
||||
force_ssl_login( true );
|
||||
$this->assertEquals( $http_links[ $i ], set_url_scheme( $link, 'admin' ) );
|
||||
$this->assertEquals( $https_links[ $i ], set_url_scheme( $link, 'admin' ) );
|
||||
$this->assertEquals( $https_links[ $i ], set_url_scheme( $link, 'login_post' ) );
|
||||
$this->assertEquals( $http_links[ $i ], set_url_scheme( $link, 'login' ) );
|
||||
$this->assertEquals( $https_links[ $i ], set_url_scheme( $link, 'login' ) );
|
||||
$this->assertEquals( $https_links[ $i ], set_url_scheme( $link, 'rpc' ) );
|
||||
|
||||
$i++;
|
||||
|
|
|
|||
Loading…
Reference in New Issue