First cut and better admin SSL support. see #7001
git-svn-id: https://develop.svn.wordpress.org/trunk@7998 602fd350-edb4-49c9-b593-d223f7449a82
@@ -1765,4 +1765,7 @@ function validate_file( $file, $allowed_files = '' ) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
function is_ssl() {
|
||||
return ( 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false;
|
||||
}
|
||||
?>
|
||||
|
||||
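Review bot: `is_ssl()` reads `$_SERVER['HTTPS']` without checking that it is set, so a request where the server does not populate it raises an undefined-index notice, and only the value `on` counts as secure. Some servers report HTTPS as `1`, and a TLS-terminating proxy in front of PHP may not set it at all; in both cases the later hunks that call is_ssl() would select AUTH_COOKIE and issue the cookie without the secure flag although the client connection is encrypted. I would write `return isset($_SERVER['HTTPS']) && in_array(strtolower($_SERVER['HTTPS']), array('on', '1'), true);` and add a docblock saying the result describes the connection to this server, which is not necessarily the connection to the client.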
@@ -1139,7 +1139,7 @@ function wp_admin_css_uri( $file = 'wp-admin' ) {
|
||||
if ( defined('WP_INSTALLING') ) {
|
||||
$_file = "./$file.css";
|
||||
} else {
|
||||
$_file = get_option( 'siteurl' ) . "/wp-admin/$file.css";
|
||||
$_file = admin_url("$file.css");
|
||||
}
|
||||
$_file = add_query_arg( 'version', get_bloginfo( 'version' ), $_file );
|
||||
|
||||
|
||||
@@ -774,4 +774,42 @@ function get_shortcut_link() {
|
||||
|
||||
return apply_filters('shortcut_link', $link);
|
||||
}
|
||||
|
||||
// return the site_url option, using https if is_ssl() is true
|
||||
// if $scheme is 'http' or 'https' it will override is_ssl()
|
||||
function site_url($path = '', $scheme = null) {
|
||||
// should the list of allowed schemes be maintained elsewhere?
|
||||
if ( !in_array($scheme, array('http', 'https')) )
|
||||
$scheme = ( is_ssl() ? 'https' : 'http' );
|
||||
|
||||
$url = str_replace( 'http://', "{$scheme}://", get_option('siteurl') );
|
||||
|
||||
if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
|
||||
$url .= '/' . ltrim($path, '/');
|
||||
|
||||
return $url;
|
||||
}
|
||||
|
||||
function admin_url($path = '') {
|
||||
global $_wp_admin_url;
|
||||
|
||||
$url = site_url() . '/wp-admin/';
|
||||
|
||||
if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
|
||||
$url .= ltrim($path, '/');
|
||||
|
||||
return $url;
|
||||
}
|
||||
|
||||
function includes_url($path = '') {
|
||||
global $_wp_includes_url;
|
||||
|
||||
$url = site_url() . '/' . WPINC . '/';
|
||||
|
||||
if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
|
||||
$url .= ltrim($path, '/');
|
||||
|
||||
return $url;
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
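Review bot: In `site_url()` the scheme allow-list uses a loose `in_array()`, so a non-string `$scheme` such as `true` (or `0` on older PHP) compares equal to `'http'` and ends up interpolated into the URL; `in_array($scheme, array('http', 'https'), true)` closes that. The `str_replace('http://', ...)` is unanchored, so it rewrites every occurrence in the stored siteurl rather than only the leading scheme, and it leaves a siteurl stored as `https://` unchanged when `$scheme` is `'http'`. All three helpers silently drop a `$path` containing `..` and return the base URL, which deserves a sentence in a docblock, and `global $_wp_admin_url;` and `global $_wp_includes_url;` are declared but never used in the visible bodies.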
@@ -306,7 +306,7 @@ function wp_get_attachment_image_src($attachment_id, $size='thumbnail', $icon =
|
||||
return $image;
|
||||
|
||||
if ( $icon && $src = wp_mime_type_icon($attachment_id) ) {
|
||||
$icon_dir = apply_filters( 'icon_dir', ABSPATH . WPINC . '/images/crystal' );
|
||||
$icon_dir = apply_filters( 'icon_dir', includes_url('images/crystal') );
|
||||
$src_file = $icon_dir . '/' . basename($src);
|
||||
@list($width, $height) = getimagesize($src_file);
|
||||
}
|
||||
|
||||
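Review bot: `$icon_dir` feeds `getimagesize($src_file)` two lines further down, and with the line that builds it from `includes_url('images/crystal')` (which looks like the new side) that call receives a URL instead of a filesystem path. The size lookup then depends on allow_url_fopen and on the server fetching its own public URL, the `@` hides any failure, and the `icon_dir` filter now hands plugins a URL where it used to hand them a directory. I would keep `ABSPATH . WPINC . '/images/crystal'` for the file read and use includes_url() only where a URL is emitted. The function body starts and ends outside the hunk.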
@@ -469,9 +469,14 @@ if ( !function_exists('wp_validate_auth_cookie') ) :
|
||||
*/
|
||||
function wp_validate_auth_cookie($cookie = '') {
|
||||
if ( empty($cookie) ) {
|
||||
if ( empty($_COOKIE[AUTH_COOKIE]) )
|
||||
if ( is_ssl() )
|
||||
$cookie_name = SECURE_AUTH_COOKIE;
|
||||
else
|
||||
$cookie_name = AUTH_COOKIE;
|
||||
|
||||
if ( empty($_COOKIE[$cookie_name]) )
|
||||
return false;
|
||||
$cookie = $_COOKIE[AUTH_COOKIE];
|
||||
$cookie = $_COOKIE[$cookie_name];
|
||||
}
|
||||
|
||||
$cookie_elements = explode('|', $cookie);
|
||||
@@ -514,9 +519,10 @@ if ( !function_exists('wp_generate_auth_cookie') ) :
|
||||
*
|
||||
* @param int $user_id User ID
|
||||
* @param int $expiration Cookie expiration in seconds
|
||||
* @param bool $secure Whether the cookie is for https delivery only or not. Not used by default. For plugin use.
|
||||
* @return string Authentication cookie contents
|
||||
*/
|
||||
function wp_generate_auth_cookie($user_id, $expiration) {
|
||||
function wp_generate_auth_cookie($user_id, $expiration, $secure = false) {
|
||||
$user = get_userdata($user_id);
|
||||
|
||||
$key = wp_hash($user->user_login . '|' . $expiration);
|
||||
@@ -524,7 +530,7 @@ function wp_generate_auth_cookie($user_id, $expiration) {
|
||||
|
||||
$cookie = $user->user_login . '|' . $expiration . '|' . $hash;
|
||||
|
||||
return apply_filters('auth_cookie', $cookie, $user_id, $expiration);
|
||||
return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $secure);
|
||||
}
|
||||
endif;
|
||||
|
||||
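Review bot: `$secure` is accepted by `wp_generate_auth_cookie()` but, in the lines visible here, it is only forwarded to the `auth_cookie` filter; `$key` in the previous hunk is still derived from the login and expiration alone. If the hash line between the two hunks is likewise unchanged, AUTH_COOKIE and SECURE_AUTH_COOKIE carry the same string, so a value issued over plain HTTP would also validate under the secure name in wp_validate_auth_cookie(). Consider binding the scheme into the keyed input, for example `$key = wp_hash($user->user_login . '|' . $expiration . '|' . ($secure ? 'secure' : 'plain'));`, with validation recomputing it for the cookie name it is checking. If sharing one value is intended for this first cut, the docblock's "Not used by default" should say so explicitly.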
@@ -550,13 +556,21 @@ function wp_set_auth_cookie($user_id, $remember = false) {
|
||||
$expire = 0;
|
||||
}
|
||||
|
||||
$cookie = wp_generate_auth_cookie($user_id, $expiration);
|
||||
if ( is_ssl() ) {
|
||||
$secure = true;
|
||||
$cookie_name = SECURE_AUTH_COOKIE;
|
||||
} else {
|
||||
$secure = false;
|
||||
$cookie_name = AUTH_COOKIE;
|
||||
}
|
||||
|
||||
do_action('set_auth_cookie', $cookie, $expire);
|
||||
$cookie = wp_generate_auth_cookie($user_id, $expiration, $secure);
|
||||
|
||||
setcookie(AUTH_COOKIE, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
|
||||
do_action('set_auth_cookie', $cookie, $expire, $secure);
|
||||
|
||||
setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
|
||||
if ( COOKIEPATH != SITECOOKIEPATH )
|
||||
setcookie(AUTH_COOKIE, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
|
||||
}
|
||||
endif;
|
||||
|
||||
@@ -569,6 +583,8 @@ if ( !function_exists('wp_clear_auth_cookie') ) :
|
||||
function wp_clear_auth_cookie() {
|
||||
setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||
|
||||
// Old cookies
|
||||
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||
@@ -604,14 +620,36 @@ if ( !function_exists('auth_redirect') ) :
|
||||
*/
|
||||
function auth_redirect() {
|
||||
// Checks if a user is logged in, if not redirects them to the login page
|
||||
if ( (!empty($_COOKIE[AUTH_COOKIE]) &&
|
||||
!wp_validate_auth_cookie($_COOKIE[AUTH_COOKIE])) ||
|
||||
(empty($_COOKIE[AUTH_COOKIE])) ) {
|
||||
nocache_headers();
|
||||
|
||||
wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
|
||||
exit();
|
||||
if ( is_ssl() || (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )
|
||||
$secure = true;
|
||||
else
|
||||
$secure = false;
|
||||
|
||||
// If https is required and request is http, redirect
|
||||
if ( $secure && !is_ssl() ) {
|
||||
if ( false !== strpos($_SERVER['REQUEST_URI'], 'http') ) {
|
||||
wp_redirect(str_replace('http://', 'https://', $_SERVER['REQUEST_URI']));
|
||||
exit();
|
||||
} else {
|
||||
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
if ( wp_validate_auth_cookie() )
|
||||
return; // The cookie is good so we're done
|
||||
|
||||
// The cookie is no good so force login
|
||||
nocache_headers();
|
||||
|
||||
$login_url = get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
|
||||
|
||||
// Redirect to https if connection is secure
|
||||
if ( $secure )
|
||||
$login_url = str_replace('http://', 'https://', $login_url);
|
||||
wp_redirect($login_url);
|
||||
exit();
|
||||
}
|
||||
endif;
|
||||
|
||||
|
||||
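Review bot: The test `false !== strpos($_SERVER['REQUEST_URI'], 'http')` in the https-upgrade branch is true whenever `http` appears anywhere in the URI, for instance inside a query string, and the redirect target is then the relative REQUEST_URI with `http://` replaced, which keeps the client on plain HTTP and can loop. Checking for a leading scheme, `if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') )`, restricts that branch to absolute request URIs. The else branch builds the target from `$_SERVER['HTTP_HOST']`, which is supplied by the client; taking the host from the stored siteurl would keep the redirect on the configured site. The login URL further down still starts from `get_option('siteurl')` rather than the new `site_url()` helper.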
@@ -7,7 +7,7 @@ require( ABSPATH . WPINC . '/class.wp-styles.php' );
|
||||
require( ABSPATH . WPINC . '/functions.wp-styles.php' );
|
||||
|
||||
function wp_default_scripts( &$scripts ) {
|
||||
$scripts->base_url = get_option( 'siteurl' );
|
||||
$scripts->base_url = site_url();
|
||||
$scripts->default_version = get_bloginfo( 'version' );
|
||||
|
||||
$scripts->add( 'common', '/wp-admin/js/common.js', array('jquery'), '20080318' );
|
||||
@@ -50,7 +50,7 @@ function wp_default_scripts( &$scripts ) {
|
||||
|
||||
$scripts->add( 'wp-lists', '/wp-includes/js/wp-lists.js', array('wp-ajax-response'), '20080411' );
|
||||
$scripts->localize( 'wp-lists', 'wpListL10n', array(
|
||||
'url' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php'
|
||||
'url' => admin_url('admin-ajax.php')
|
||||
) );
|
||||
|
||||
$scripts->add( 'scriptaculous-root', '/wp-includes/js/scriptaculous/scriptaculous.js', array('prototype'), '1.8.0');
|
||||
@@ -129,11 +129,11 @@ function wp_default_scripts( &$scripts ) {
|
||||
$scripts->add( 'upload', '/wp-admin/js/upload.js', array('jquery'), '20070518' );
|
||||
$scripts->add( 'postbox', '/wp-admin/js/postbox.js', array('jquery'), '20080128' );
|
||||
$scripts->localize( 'postbox', 'postboxL10n', array(
|
||||
'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
|
||||
'requestFile' => admin_url('admin-ajax.php'),
|
||||
) );
|
||||
$scripts->add( 'slug', '/wp-admin/js/slug.js', array('jquery'), '20080208' );
|
||||
$scripts->localize( 'slug', 'slugL10n', array(
|
||||
'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
|
||||
'requestFile' => admin_url('admin-ajax.php'),
|
||||
'save' => __('Save'),
|
||||
'cancel' => __('Cancel'),
|
||||
) );
|
||||
@@ -204,7 +204,7 @@ function wp_default_scripts( &$scripts ) {
|
||||
}
|
||||
|
||||
function wp_default_styles( &$styles ) {
|
||||
$styles->base_url = get_option( 'siteurl' );
|
||||
$styles->base_url = site_url();
|
||||
$styles->default_version = get_bloginfo( 'version' );
|
||||
$styles->text_direction = 'rtl' == get_bloginfo( 'text_direction' ) ? 'rtl' : 'ltr';
|
||||
|
||||
@@ -258,7 +258,7 @@ function wp_just_in_time_script_localization() {
|
||||
'autosaveInterval' => AUTOSAVE_INTERVAL,
|
||||
'previewPageText' => __('Preview this Page'),
|
||||
'previewPostText' => __('Preview this Post'),
|
||||
'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
|
||||
'requestFile' => admin_url('admin-ajax.php'),
|
||||
'savingText' => __('Saving Draft…')
|
||||
) );
|
||||
}
|
||||
|
||||