Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-28 15:17:42 +02:00
Code Issues Projects Releases Wiki Activity

Logged out warnings:

Browse Source 
- Don't use <base> tag to set target="_blank". It can break form submission. Instead, set target only on links with JS.
- Fix same domain comparison in wp_auth_check_html() when FORCE_SSL_LOGIN == true.
- Properly show/hide the "Close" button when the dialog is shown multiple times.
See #23295

git-svn-id: http://core.svn.wordpress.org/trunk@24208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Ozz 2013-05-08 22:45:58 +00:00
parent 57c10eadbb
commit 19c3b4bfdc
3 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/functions.php
View File

@ -3921,7 +3921,7 @@ function wp_auth_check_load() {
* Output the HTML that shows the wp-login dialog when the user is no longer logged in * Output the HTML that shows the wp-login dialog when the user is no longer logged in
*/ */
function wp_auth_check_html() { function wp_auth_check_html() {
$login_url = wp_login_url(); $login_url = site_url( 'wp-login.php', 'login_post' );
$current_domain = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST']; $current_domain = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'];
$same_domain = ( strpos( $login_url, $current_domain ) === 0 ); $same_domain = ( strpos( $login_url, $current_domain ) === 0 );

2
wp-includes/js/wp-auth-check.js
View File

@ -64,7 +64,7 @@
$(window).off( 'beforeunload.wp-auth-check' ); $(window).off( 'beforeunload.wp-auth-check' );
wrap.fadeOut( 200, function() { wrap.fadeOut( 200, function() {
wrap.addClass('hidden').css('display', ''); wrap.addClass('hidden').css('display', '').find('.wp-auth-check-close').css('display', '');
$('#wp-auth-check-frame').remove(); $('#wp-auth-check-frame').remove();
}); });
} }

16
wp-login.php
View File

@ -100,7 +100,6 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
$classes[] = 'interim-login'; $classes[] = 'interim-login';
?> ?>
<style type="text/css">html{background-color: transparent;}</style> <style type="text/css">html{background-color: transparent;}</style>
<base target="_blank">
<?php <?php
if ( 'success' === $interim_login ) if ( 'success' === $interim_login )
@ -663,9 +662,7 @@ default:
if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) ) if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
$errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.")); $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
$form_target = '';
if ( $interim_login ) { if ( $interim_login ) {
$form_target = ' target="_self"';
if ( ! $errors->get_error_code() ) if ( ! $errors->get_error_code() )
$errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message'); $errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message');
} else { } else {
@ -697,7 +694,7 @@ default:
$rememberme = ! empty( $_POST['rememberme'] ); $rememberme = ! empty( $_POST['rememberme'] );
?> ?>
<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post"<?php echo $form_target; ?>> <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
<p> <p>
<label for="user_login"><?php _e('Username') ?><br /> <label for="user_login"><?php _e('Username') ?><br />
<input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label> <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
@ -757,6 +754,17 @@ d.select();
wp_attempt_focus(); wp_attempt_focus();
<?php } ?> <?php } ?>
if(typeof wpOnload=='function')wpOnload(); if(typeof wpOnload=='function')wpOnload();
<?php if ( $interim_login ) { ?>
(function(){
try {
var i, links = document.getElementsByTagName('a');
for ( i in links ) {
if ( links[i].href )
links[i].target = '_blank';
}
} catch(e){}
}());
<?php } ?>
</script> </script>
<?php <?php