Logged out warnings: fix same domain comparison in wp_auth_check_html() when FORCE_SSL_LOGIN && ! FORCE_SSL_ADMIN. See #23295

git-svn-id: http://core.svn.wordpress.org/trunk@24266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2025-02-02 13:41:24 +01:00 · 2013-05-15 22:09:54 +00:00 · 2013-05-15 22:09:54 +00:00 · b1009b33c4
commit b1009b33c4
parent 3ac301c5d3
1 changed files with 4 additions and 1 deletions
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@ -3921,10 +3921,13 @@ function wp_auth_check_load() {
 * Output the HTML that shows the wp-login dialog when the user is no longer logged in
 */
 function wp_auth_check_html() {
-	$login_url = site_url( 'wp-login.php', 'login_post' );
+	$login_url = wp_login_url();
 	$current_domain = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'];
 	$same_domain = ( strpos( $login_url, $current_domain ) === 0 );

+	if ( $same_domain && force_ssl_login() && ! force_ssl_admin() )
+		$same_domain = false;
+
 	// Let plugins change this if they know better.
 	$same_domain = apply_filters( 'wp_auth_check_same_domain', $same_domain );
 	$wrap_class = $same_domain ? 'hidden' : 'hidden fallback';