Option to force SSL. see #7561
git-svn-id: http://svn.automattic.com/wordpress/trunk@8701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
parent
e0f519adc5
commit
203086a4de
|
|
@ -73,6 +73,10 @@ function edit_user( $user_id = 0 ) {
|
|||
else
|
||||
$user->rich_editing = 'false';
|
||||
|
||||
$user->use_ssl = 0;
|
||||
if ( !empty($_POST['use_ssl']) )
|
||||
$user->use_ssl = 1;
|
||||
|
||||
if ( !$update )
|
||||
$user->admin_color = 'fresh'; // Default to fresh for new users.
|
||||
else if ( isset( $_POST['admin_color'] ) )
|
||||
|
|
|
|||
|
|
@ -99,13 +99,24 @@ $wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashe
|
|||
|
||||
$user_id = (int) $user_id;
|
||||
|
||||
if ( !$user_id )
|
||||
if ( !$user_id ) {
|
||||
if ( $is_profile_page ) {
|
||||
$current_user = wp_get_current_user();
|
||||
$user_id = $current_user->ID;
|
||||
} else {
|
||||
wp_die(__('Invalid user ID.'));
|
||||
}
|
||||
}
|
||||
|
||||
// Optional SSL preference that can be turned on by hooking to the 'personal_options' action
|
||||
function use_ssl_preference($user) {
|
||||
?>
|
||||
<tr>
|
||||
<th scope="row"><?php _e('Use https')?></th>
|
||||
<td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked('1', $user->use_ssl); ?> /> <?php _e('Always use https when visiting the admin'); ?></label></td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
|
||||
switch ($action) {
|
||||
case 'switchposts':
|
||||
|
|
@ -129,7 +140,7 @@ if ( $is_profile_page ) {
|
|||
|
||||
$errors = edit_user($user_id);
|
||||
|
||||
if( !is_wp_error( $errors ) ) {
|
||||
if ( !is_wp_error( $errors ) ) {
|
||||
$redirect = ($is_profile_page? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
|
||||
$redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
|
||||
wp_redirect($redirect);
|
||||
|
|
@ -140,7 +151,7 @@ default:
|
|||
$profileuser = get_user_to_edit($user_id);
|
||||
|
||||
if ( !current_user_can('edit_user', $user_id) )
|
||||
wp_die(__('You do not have permission to edit this user.'));
|
||||
wp_die(__('You do not have permission to edit this user.'));
|
||||
|
||||
include ('admin-header.php');
|
||||
?>
|
||||
|
|
@ -209,12 +220,14 @@ foreach ( $_wp_admin_css_colors as $color => $color_info ): ?>
|
|||
<?php endforeach; ?>
|
||||
</fieldset></td>
|
||||
</tr>
|
||||
<?php endif; ?>
|
||||
<?php
|
||||
endif;
|
||||
do_action('personal_options', $profileuser);
|
||||
?>
|
||||
</table>
|
||||
<?php
|
||||
if ( $is_profile_page ) {
|
||||
do_action('profile_personal_options');
|
||||
}
|
||||
if ( $is_profile_page )
|
||||
do_action('profile_personal_options', $profileuser);
|
||||
?>
|
||||
|
||||
<h3><?php _e('Name') ?></h3>
|
||||
|
|
|
|||
|
|
@ -703,8 +703,20 @@ function auth_redirect() {
|
|||
}
|
||||
}
|
||||
|
||||
if ( wp_validate_auth_cookie() )
|
||||
if ( $user_id = wp_validate_auth_cookie() ) {
|
||||
// If the user wants ssl but the session is not ssl, redirect.
|
||||
if ( !$secure && get_user_option('use_ssl', $user_id) ) {
|
||||
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
|
||||
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
|
||||
exit();
|
||||
} else {
|
||||
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
return; // The cookie is good so we're done
|
||||
}
|
||||
|
||||
// The cookie is no good so force login
|
||||
nocache_headers();
|
||||
|
|
|
|||
|
|
@ -158,6 +158,9 @@ function wp_insert_user($userdata) {
|
|||
$admin_color = 'fresh';
|
||||
$admin_color = preg_replace('|[^a-z0-9 _.\-@]|i', '', $admin_color);
|
||||
|
||||
if ( empty($use_ssl) )
|
||||
$use_ssl = 0;
|
||||
|
||||
if ( empty($user_registered) )
|
||||
$user_registered = gmdate('Y-m-d H:i:s');
|
||||
|
||||
|
|
@ -181,6 +184,7 @@ function wp_insert_user($userdata) {
|
|||
update_usermeta( $user_id, 'yim', $yim );
|
||||
update_usermeta( $user_id, 'rich_editing', $rich_editing);
|
||||
update_usermeta( $user_id, 'admin_color', $admin_color);
|
||||
update_usermeta( $user_id, 'use_ssl', $use_ssl);
|
||||
|
||||
if ( $update && isset($role) ) {
|
||||
$user = new WP_User($user_id);
|
||||
|
|
|
|||
29
wp-login.php
29
wp-login.php
|
|
@ -407,15 +407,30 @@ break;
|
|||
|
||||
case 'login' :
|
||||
default:
|
||||
if ( isset( $_REQUEST['redirect_to'] ) )
|
||||
$redirect_to = $_REQUEST['redirect_to'];
|
||||
else
|
||||
$redirect_to = admin_url();
|
||||
$secure_cookie = '';
|
||||
|
||||
if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
|
||||
// If the user wants ssl but the session is not ssl, force a secure cookie.
|
||||
if ( !empty($_POST['log']) && !force_ssl_admin() ) {
|
||||
$user_name = sanitize_user($_POST['log']);
|
||||
if ( $user = get_userdatabylogin($user_name) ) {
|
||||
if ( get_user_option('use_ssl', $user->ID) ) {
|
||||
$secure_cookie = true;
|
||||
force_ssl_admin(true);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ( isset( $_REQUEST['redirect_to'] ) ) {
|
||||
$redirect_to = $_REQUEST['redirect_to'];
|
||||
// Redirect to https if user wants ssl
|
||||
if ( $secure_cookie )
|
||||
$redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
|
||||
} else {
|
||||
$redirect_to = admin_url();
|
||||
}
|
||||
|
||||
if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
|
||||
$secure_cookie = false;
|
||||
else
|
||||
$secure_cookie = '';
|
||||
|
||||
$user = wp_signon('', $secure_cookie);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue