From bfa0cc8b9188a9cfa135cb2b3071661a8ff17319 Mon Sep 17 00:00:00 2001
From: John Blackbourn
Date: Thu, 23 Mar 2017 19:03:37 +0000
Subject: [PATCH] Login and Registration: Avoid a potentially incorrect value for the cookie hash on multisite installations that don't have a value in the `siteurl` network option. This reverts [38619]. See #34084, #39497 Merges [40320] to the 4.7 branch. Built from https://develop.svn.wordpress.org/branches/4.7@40321 git-svn-id: http://core.svn.wordpress.org/branches/4.7@40228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/install.php | 16 +---------------
 wp-includes/default-constants.php | 2 +-
 wp-includes/version.php | 2 +-
 3 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/wp-admin/install.php b/wp-admin/install.php
index ed9d06d19c..2b8099b30c 100644
--- a/wp-admin/install.php
+++ b/wp-admin/install.php
@@ -334,6 +334,7 @@ switch($step) {
 $scripts_to_print[] = 'user-profile';
+ display_header();
 // Fill in the data we gathered
 $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
 $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
@@ -346,26 +347,21 @@ switch($step) {
 $error = false;
 if ( empty( $user_name ) ) {
 // TODO: poka-yoke
- display_header();
 display_setup_form( __( 'Please provide a valid username.' ) );
 $error = true;
 } elseif ( $user_name != sanitize_user( $user_name, true ) ) {
- display_header();
 display_setup_form( __( 'The username you provided has invalid characters.' ) );
 $error = true;
 } elseif ( $admin_password != $admin_password_check ) {
 // TODO: poka-yoke
- display_header();
 display_setup_form( __( 'Your passwords do not match. Please try again.' ) );
 $error = true;
 } elseif ( empty( $admin_email ) ) {
 // TODO: poka-yoke
- display_header();
 display_setup_form( __( 'You must provide an email address.' ) );
 $error = true;
 } elseif ( ! is_email( $admin_email ) ) {
 // TODO: poka-yoke
- display_header();
 display_setup_form( __( 'Sorry, that isn’t a valid email address. Email addresses look like username@example.com.' ) );
 $error = true;
 }
@@ -373,16 +369,6 @@ switch($step) {
 if ( $error === false ) {
 $wpdb->show_errors();
 $result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );
-
- // Log the user in and send them to wp-admin:
- if ( ! headers_sent() ) {
- wp_set_auth_cookie( $result['user_id'], true, is_ssl() );
- wp_redirect( admin_url() );
- exit;
- }
-
- // If headers have already been sent, fall back to a "Success!" message:
- display_header();
 ?>

diff --git a/wp-includes/default-constants.php b/wp-includes/default-constants.php
index b8a73bc0d4..dcad997a73 100644
--- a/wp-includes/default-constants.php
+++ b/wp-includes/default-constants.php
@@ -205,7 +205,7 @@ function wp_cookie_constants() {
 if ( $siteurl )
 define( 'COOKIEHASH', md5( $siteurl ) );
 else
- define( 'COOKIEHASH', md5( wp_guess_url() ) );
+ define( 'COOKIEHASH', '' );
 }
 /**
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 4f22cdf12d..4326c0a365 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.7.4-alpha-40291';
+$wp_version = '4.7.4-alpha-40321';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
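Review bot: In the wp-includes/default-constants.php hunk, the restored `define( 'COOKIEHASH', '' );` fallback has no comment, so a reader cannot tell that the empty hash is deliberate rather than a forgotten value. Any cookie name built by appending COOKIEHASH would lose its per-site suffix on an install with no `siteurl` network option, so sites sharing a cookie domain and path would presumably share cookie names as well; that trade-off should be stated where it is made. I would add above the line `// No siteurl network option: use an empty hash rather than one derived from wp_guess_url(), which may not match the site's real URL.` and put braces around both branches of the `if`/`else`. The body of wp_cookie_constants() starts outside the hunk, and the hunk does not show where it ends.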