sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Force reauth when auth_redirect() redirects to login. see #12142

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@14556 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2010-05-11 13:44:40 +00:00
parent 02dab1b7d6
commit dd9c60ef64
3 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
wp-includes/general-template.php
View File

@ -228,13 +228,17 @@ function wp_logout_url($redirect = '') {
* @uses apply_filters() calls 'login_url' hook on final login url * @uses apply_filters() calls 'login_url' hook on final login url
* *
* @param string $redirect Path to redirect to on login. * @param string $redirect Path to redirect to on login.
* @param bool $force_reauth Whether to force reauthorization, even if a cookie is present. Default is false.
* @return string A log in url
*/ */
function wp_login_url($redirect = '') { function wp_login_url($redirect = '', $force_reauth = false) {
$login_url = site_url('wp-login.php', 'login'); $login_url = site_url('wp-login.php', 'login');
if ( !empty($redirect) ) { if ( !empty($redirect) )
$login_url = add_query_arg('redirect_to', urlencode($redirect), $login_url); $login_url = add_query_arg('redirect_to', urlencode($redirect), $login_url);
}
if ( $force_reauth )
$login_url = add_query_arg('reauth', '1', $login_url);
return apply_filters('login_url', $login_url, $redirect); return apply_filters('login_url', $login_url, $redirect);
} }

2
wp-includes/pluggable.php
View File

@ -799,7 +799,7 @@ function auth_redirect() {
$redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$login_url = wp_login_url($redirect); $login_url = wp_login_url($redirect, true);
wp_redirect($login_url); wp_redirect($login_url);
exit(); exit();

10
wp-login.php
View File

@ -520,6 +520,8 @@ default:
$redirect_to = admin_url(); $redirect_to = admin_url();
} }
$reauth = empty($_REQUEST['reauth']) ? false : true;
// If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
// cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
// the admin via http or https. // the admin via http or https.
@ -530,7 +532,7 @@ default:
$redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user); $redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
if ( !is_wp_error($user) ) { if ( !is_wp_error($user) && !$reauth ) {
if ( $interim_login ) { if ( $interim_login ) {
$message = '<p class="message">' . __('You have logged in successfully.') . '</p>'; $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
login_header( '', $message ); ?> login_header( '', $message ); ?>
@ -549,7 +551,7 @@ default:
$errors = $user; $errors = $user;
// Clear errors if loggedout is set. // Clear errors if loggedout is set.
if ( !empty($_GET['loggedout']) ) if ( !empty($_GET['loggedout']) || $reauth )
$errors = new WP_Error(); $errors = new WP_Error();
// If cookies are disabled we can't log in even with a valid user+pass // If cookies are disabled we can't log in even with a valid user+pass
@ -570,6 +572,10 @@ default:
elseif ( $interim_login ) elseif ( $interim_login )
$errors->add('expired', __('Your session has expired. Please log-in again.'), 'message'); $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
// Clear any stale cookies.
if ( $reauth )
wp_clear_auth_cookie();
login_header(__('Log In'), '', $errors); login_header(__('Log In'), '', $errors);
if ( isset($_POST['log']) ) if ( isset($_POST['log']) )