Wordpress 2.0.4
[autoinstalls/wordpress.git] / wp-login.php
index 0864edbd07dfe14600357a35531ced319a516cc9..3a45bc9ea02b94c24ce5da6bd2e86e1374d808e5 100644 (file)
@@ -27,7 +27,7 @@ case 'logout':
 
        $redirect_to = 'wp-login.php';
        if ( isset($_REQUEST['redirect_to']) )
-               $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_REQUEST['redirect_to']);
+               $redirect_to = $_REQUEST['redirect_to'];
                        
        wp_redirect($redirect_to);
        exit();
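Review bot: The logout branch now hands `$_REQUEST['redirect_to']` to `wp_redirect()` with no filtering at all, so any protection against CR/LF in the Location header has to live inside `wp_redirect()`, which this diff does not show. The same filter is dropped from the login path in the next hunk (the removed `preg_replace` below `$redirect_to = $_REQUEST['redirect_to'];`). If `wp_redirect()` has taken over the character filtering, say so at the call site, e.g. `// wp_redirect() strips CR/LF and unsafe characters from the target`. It would also be worth confining the target to a relative path or this site's own host, which neither the old filter nor the new code does. The `case 'logout':` block starts above the hunk.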
@@ -170,19 +170,18 @@ default:
                $redirect_to = 'wp-admin/';
        else
                $redirect_to = $_REQUEST['redirect_to'];
-       $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $redirect_to);
 
        if( $_POST ) {
                $user_login = $_POST['log'];
                $user_login = sanitize_user( $user_login );
                $user_pass  = $_POST['pwd'];
                $rememberme = $_POST['rememberme'];
-       } elseif ( !empty($_COOKIE) ) {
-               if ( !empty($_COOKIE[USER_COOKIE]) )
-                       $user_login = $_COOKIE[USER_COOKIE];
-               if ( !empty($_COOKIE[PASS_COOKIE]) ) {
-                       $user_pass = $_COOKIE[PASS_COOKIE];
+       } else {
+               $cookie_login = wp_get_cookie_login();
+               if ( ! empty($cookie_login) ) {
                        $using_cookie = true;
+                       $user_login = $cookie_login['login'];
+                       $user_pass = $cookie_login['password'];
                }
        }
 
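Review bot: The cookie branch assigns `$cookie_login['login']` to `$user_login` without the `sanitize_user()` call that the POST branch applies, so the two paths can feed differently normalised names into the login check further down. Whether `wp_get_cookie_login()` already sanitises the value is not visible here; if it does not, use `$user_login = sanitize_user( $cookie_login['login'] );`. A one-line comment on what `$cookie_login['password']` holds on this path (presumably a hashed value rather than the plaintext password) would also help, since `$using_cookie` is the only thing that tells the two cases apart later. The `default:` block starts and ends outside the hunk.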
@@ -205,6 +204,8 @@ default:
                        if ( $using_cookie )                    
                                $error = __('Your session has expired.');
                }
+       } else if ( $user_login || $user_pass ) {
+               $error = __('<strong>Error</strong>: The password field is empty.');
        }
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
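Review bot: The new `else if ( $user_login || $user_pass )` branch reports "The password field is empty." whenever either value is set, which is the wrong message when a password arrives with an empty user name. The enclosing `if` starts above the hunk, so this assumes it tests both values together; if so, narrow the condition to `} else if ( $user_login ) {` and give the missing-user-name case its own message. The truthiness test also treats the string `'0'` as empty, so an explicit `!== ''` comparison would be more precise.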
@@ -237,7 +238,7 @@ if ( $error )
   <?php _e('Remember me'); ?></label></p>
 <p class="submit">
        <input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="4" />
-       <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
+       <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />
 </p>
 </form>
 <ul>
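Review bot: `wp_specialchars($redirect_to)` is called without a quotes argument, yet the value is printed inside a double-quoted `value="..."` attribute. The helper is defined outside this diff, but if its default leaves `"` unescaped (as I believe it does in this release line), a quote in `redirect_to` still ends the attribute early. The character filter that used to strip quotes was removed in the earlier hunks, so this escaping is now the only protection. Pass the quotes flag, `<?php echo wp_specialchars($redirect_to, 1); ?>`, or confirm that the default covers double quotes.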