Introduce post_password_expires filter to control the expiration of the post password cookie.

props Viper007Bond for initial patch. fixes #21466. Built from https://develop.svn.wordpress.org/trunk@25450 git-svn-id: http://core.svn.wordpress.org/trunk@25371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-22 21:04:57 +02:00 · 2013-09-16 17:40:10 +00:00 · 2013-09-16 17:40:10 +00:00 · 70edef0df4
commit 70edef0df4
parent d6f65fb147
1 changed files with 11 additions and 2 deletions
--- a/wp-login.php
+++ b/wp-login.php
@ -314,8 +314,17 @@ case 'postpass' :
 	require_once ABSPATH . 'wp-includes/class-phpass.php';
 	$hasher = new PasswordHash( 8, true );

-	// 10 days
-	setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
+	/**
+	 * Filter the life of the post password cookie.
+	 *
+	 * By default, the cookie expires 10 days from now.
+	 * To turn this into a session cookie, return 0.
+	 *
+	 * @since 3.7.0
+	 * @param int $expires The expiry time, as passed to setcookie().
+	 */
+	$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
+	setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );

 	wp_safe_redirect( wp_get_referer() );
 	exit();