sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Document impenetrable logic in login secure cookie and redirect handler. fixes #11643 

git-svn-id: https://develop.svn.wordpress.org/trunk@12665 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2010-01-08 19:09:37 +00:00
parent 89784abc18
commit c344d100bc
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-login.php
View File

@ -477,6 +477,9 @@ default:
$redirect_to = admin_url();
}
// If the user was redirect to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
// cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
// the admin via http or https.
if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
$secure_cookie = false;