Document impenetrable logic in login secure cookie and redirect handler. fixes #11643
git-svn-id: https://develop.svn.wordpress.org/trunk@12665 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
89784abc18
commit
c344d100bc
|
@ -477,6 +477,9 @@ default:
|
|||
$redirect_to = admin_url();
|
||||
}
|
||||
|
||||
// If the user was redirect to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
|
||||
// cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
|
||||
// the admin via http or https.
|
||||
if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
|
||||
$secure_cookie = false;
|
||||
|
||||
|
|
Loading…
Reference in New Issue