From a58d80bbc127645dbca5a6b104f83c08f4efb357 Mon Sep 17 00:00:00 2001
From: Andrew Nacin <nacin@git.wordpress.org>
Date: Mon, 16 Sep 2013 17:39:30 +0000
Subject: [PATCH] Introduce post_password_expires filter to control the
 expiration of the post password cookie.

props Viper007Bond for initial patch.
fixes #21466.


git-svn-id: https://develop.svn.wordpress.org/trunk@25450 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-login.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/wp-login.php b/src/wp-login.php
index 04307353f3..3cda41c3ff 100644
--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -314,8 +314,17 @@ case 'postpass' :
 	require_once ABSPATH . 'wp-includes/class-phpass.php';
 	$hasher = new PasswordHash( 8, true );
 
-	// 10 days
-	setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
+	/**
+	 * Filter the life of the post password cookie.
+	 *
+	 * By default, the cookie expires 10 days from now.
+	 * To turn this into a session cookie, return 0.
+	 *
+	 * @since 3.7.0
+	 * @param int $expires The expiry time, as passed to setcookie().
+	 */
+	$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
+	setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
 
 	wp_safe_redirect( wp_get_referer() );
 	exit();