Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-01-23 16:51:32 +01:00
Code Issues Projects Releases Wiki Activity

Document impenetrable logic in login secure cookie and redirect handler. fixes #11643

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@12665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2010-01-08 19:09:37 +00:00
parent de5cecc69d
commit a521ef3bae
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-login.php
View File

@ -477,6 +477,9 @@ default:
$redirect_to = admin_url();
}
// If the user was redirect to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
// cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
// the admin via http or https.
if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
$secure_cookie = false;