diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index 67b6c5083..3eed04df4 100644
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -1220,7 +1220,7 @@ function prepend_attachment($content) {
 function get_the_password_form() {
 global $post;
 $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID );
- $output = '
+ $output = '

' . __("This post is password protected. To view it please enter your password below:") . '

diff --git a/wp-login.php b/wp-login.php
index 5a9d6dbdb..dd62918ac 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -350,7 +350,7 @@ if ( isset($_GET['key']) )
 $action = 'resetpass';
 // validate action so as to default to the login screen
-if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action) )
+if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
 $action = 'login';
 nocache_headers();
@@ -378,6 +378,21 @@ do_action( 'login_form_' . $action );
 $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
 switch ($action) {
+case 'postpass' :
+ if ( empty( $wp_hasher ) ) {
+ require_once( ABSPATH . 'wp-includes/class-phpass.php' );
+ // By default, use the portable hash from phpass
+ $wp_hasher = new PasswordHash(8, true);
+ }
+
+ // 10 days
+ setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
+
+ wp_safe_redirect( wp_get_referer() );
+ exit();
+
+break;
+
 case 'logout' :
 check_admin_referer('log-out');
 wp_logout();
diff --git a/wp-pass.php b/wp-pass.php
deleted file mode 100644
index 39ac44874..000000000
--- a/wp-pass.php
+++ /dev/null
@@ -1,22 +0,0 @@
-HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
-
-wp_safe_redirect( wp_get_referer() );
-exit;
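Review bot: In the new `case 'postpass'` branch of wp-login.php, `$_POST['post_password']` is read without checking that it is present and is a string, so a request to `?action=postpass` with no body or with an array value still reaches `stripslashes()` and `setcookie()`. A guard at the top of the case would cover it: `if ( ! isset( $_POST['post_password'] ) || ! is_string( $_POST['post_password'] ) ) { wp_safe_redirect( wp_get_referer() ); exit(); }`. The `setcookie()` call also stops at the path argument, so the 10-day `wp-postpass_` cookie carries neither the Secure nor the HttpOnly flag; passing the remaining arguments, e.g. `COOKIE_DOMAIN, is_ssl(), true`, would keep it off plain-HTTP requests and out of script reach, assuming nothing client-side reads it. `wp_get_referer()` can return false when no referer is sent, which appears to leave `wp_safe_redirect()` without a target, so a fallback URL is worth adding.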