From ec4bcf70807acd277e835bddf38dcb136e07cd57 Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Tue, 27 Nov 2007 08:03:33 +0000
Subject: [PATCH] Check if REQUEST_METHOD is POST rather than cheecking if
 _POST is empty to determine if we were called via POST.  Props xknown.  fixes
 #5365

git-svn-id: http://svn.automattic.com/wordpress/trunk@6345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-login.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/wp-login.php b/wp-login.php
index b6f60de30..a0817510a 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -68,7 +68,7 @@ function login_header($title = 'Login', $message = '') {
 	}
 } // End of login_header()
 
-
+$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
 switch ($action) {
 
 case 'logout' :
@@ -90,7 +90,7 @@ case 'retrievepassword' :
 	$user_login = '';
 	$user_pass = '';
 
-	if ( $_POST ) {
+	if ( $http_post ) {
 		if ( empty( $_POST['user_login'] ) )
 			$errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.');
 		if ( empty( $_POST['user_email'] ) )
@@ -212,7 +212,7 @@ case 'register' :
 		exit();
 	}
 
-	if ( $_POST ) {
+	if ( $http_post ) {
 		require_once( ABSPATH . WPINC . '/registration.php');
 
 		$user_login = sanitize_user( $_POST['user_login'] );
@@ -295,7 +295,7 @@ default:
 	else
 		$redirect_to = $_REQUEST['redirect_to'];
 
-	if ( $_POST ) {
+	if ( $http_post ) {
 		$user_login = $_POST['log'];
 		$user_login = sanitize_user( $user_login );
 		$user_pass  = $_POST['pwd'];
@@ -312,7 +312,7 @@ default:
 	do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass));
 
 	// If cookies are disabled we can't log in even with a valid user+pass
-	if ( $_POST && empty($_COOKIE[TEST_COOKIE]) )
+	if ( $http_post && empty($_COOKIE[TEST_COOKIE]) )
 		$errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.');
 
 	if ( $user_login && $user_pass && empty( $errors ) ) {
@@ -334,9 +334,9 @@ default:
 		}
 	}
 
-	if ( $_POST && empty( $user_login ) )
+	if ( $http_post && empty( $user_login ) )
 		$errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.');
-	if ( $_POST && empty( $user_pass ) )
+	if ( $http_post && empty( $user_pass ) )
 		$errors['user_pass'] = __('<strong>ERROR</strong>: The password field is empty.');
 
 	// Some parts of this script use the main login form to display a message