X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/baca9ce86a38dc54c4574890ee2d352fd81f78b2..61343b82c4f0da4c68e4c6373daafff4a81efdd1:/wp-login.php?ds=sidebyside diff --git a/wp-login.php b/wp-login.php index 209341fa..532ffd97 100644 --- a/wp-login.php +++ b/wp-login.php @@ -65,7 +65,16 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') { wp_admin_css( 'colors-fresh', true ); if ( wp_is_mobile() ) { ?> - get_error_code() ) { + ?> + + + + @@ -248,7 +264,7 @@ function retrieve_password() { $message = apply_filters('retrieve_password_message', $message, $key); if ( $message && !wp_mail($user_email, $title, $message) ) - wp_die( __('The e-mail could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function...') ); + wp_die( __('The e-mail could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function.') ); return true; } @@ -338,7 +354,7 @@ function register_new_user( $user_login, $user_email ) { $user_pass = wp_generate_password( 12, false); $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email ); if ( ! $user_id ) { - $errors->add( 'registerfail', sprintf( __( 'ERROR: Couldn’t register you... please contact the webmaster !' ), get_option( 'admin_email' ) ) ); + $errors->add( 'registerfail', sprintf( __( 'ERROR: Couldn’t register you… please contact the webmaster !' ), get_option( 'admin_email' ) ) ); return $errors; } @@ -386,6 +402,8 @@ do_action( 'login_init' ); do_action( 'login_form_' . $action ); $http_post = ('POST' == $_SERVER['REQUEST_METHOD']); +$interim_login = isset($_REQUEST['interim-login']); + switch ($action) { case 'postpass' : @@ -393,7 +411,7 @@ case 'postpass' : $hasher = new PasswordHash( 8, true ); // 10 days - setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); + setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); wp_safe_redirect( wp_get_referer() ); exit(); @@ -428,7 +446,7 @@ case 'retrievepassword' : do_action('lost_password'); login_header(__('Lost Password'), '
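Review bot: In the `postpass` case, `$_POST['post_password']` goes through `wp_unslash()` into `HashPassword()` with no check that it is present and is a string; `wp_unslash()` passes arrays through, so a non-string value reaches the hasher, and a missing value still sets a cookie. A guard before `setcookie()`, such as `if ( ! isset( $_POST['post_password'] ) || ! is_string( $_POST['post_password'] ) ) { wp_safe_redirect( wp_get_referer() ); exit(); }`, would avoid both. The `setcookie()` call also stops at the path argument, so the `wp-postpass_` cookie is issued without the Secure or HttpOnly flags; consider appending `COOKIE_DOMAIN, is_ssl(), true`. The `wp_unslash( $_POST['user_login'] )` and `wp_unslash( $_POST['log'] )` lines in the later hunks have an `isset()` check but likewise assume a string.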

' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '

', $errors); - $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : ''; + $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : ''; ?> @@ -445,7 +463,7 @@ case 'retrievepassword' : @@ -482,7 +500,7 @@ case 'rp' : login_header(__('Reset Password'), '

' . __('Enter your new password below.') . '

', $errors ); ?> -
+

@@ -504,7 +522,7 @@ case 'rp' :

@@ -544,11 +562,11 @@ case 'register' :

+

+

@@ -569,7 +587,6 @@ break; case 'login' : default: $secure_cookie = ''; - $interim_login = isset($_REQUEST['interim-login']); $customize_login = isset( $_REQUEST['customize-login'] ); if ( $customize_login ) wp_enqueue_script( 'customize-base' ); @@ -609,13 +626,8 @@ default: if ( !is_wp_error($user) && !$reauth ) { if ( $interim_login ) { $message = '

' . __('You have logged in successfully.') . '

'; + $interim_login = 'success'; login_header( '', $message ); ?> - - - -

-

- 
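Review bot: `$interim_login = 'success';` turns a flag that the earlier hunk initialises as a boolean (`isset($_REQUEST['interim-login'])`) into a bool-or-string value. Under PHP's loose comparison `true == 'success'` holds, so any code that reads the flag has to compare with `===`; that is presumably `login_header()`, whose changed lines are not legible in this page. A comment at the assignment would make the contract explicit, e.g. `// $interim_login is false, true (form shown) or 'success' (logged in); compare with ===.`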
@@ -647,21 +659,26 @@ default: if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) ) $errors->add('test_cookie', __("ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.")); - // Some parts of this script use the main login form to display a message - if ( isset($_GET['loggedout']) && true == $_GET['loggedout'] ) - $errors->add('loggedout', __('You are now logged out.'), 'message'); - elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) - $errors->add('registerdisabled', __('User registration is currently not allowed.')); - elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) - $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message'); - elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) - $errors->add('newpass', __('Check your e-mail for your new password.'), 'message'); - elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) - $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message'); - elseif ( $interim_login ) - $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message'); - elseif ( strpos( $redirect_to, 'about.php?updated' ) ) - $errors->add('updated', __( 'You have successfully updated WordPress! Please log back in to experience the awesomeness.' ), 'message' ); + if ( $interim_login ) { + if ( ! $errors->get_error_code() ) + $errors->add('expired', __('Session expired. Please log in again. 
You will not move away from this page.'), 'message'); + } else { + // Some parts of this script use the main login form to display a message + if ( isset($_GET['loggedout']) && true == $_GET['loggedout'] ) + $errors->add('loggedout', __('You are now logged out.'), 'message'); + elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) + $errors->add('registerdisabled', __('User registration is currently not allowed.')); + elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) + $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message'); + elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) + $errors->add('newpass', __('Check your e-mail for your new password.'), 'message'); + elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) + $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message'); + elseif ( strpos( $redirect_to, 'about.php?updated' ) ) + $errors->add('updated', __( 'You have successfully updated WordPress! Please log back in to experience the awesomeness.' ), 'message' ); + } + + $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); // Clear any stale cookies. if ( $reauth ) @@ -670,7 +687,7 @@ default: login_header(__('Log In'), '', $errors); if ( isset($_POST['log']) ) - $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : ''; + $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : ''; $rememberme = ! empty( $_POST['rememberme'] ); ?> @@ -699,14 +716,13 @@ default:
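Review bot: The new `wp_login_errors` filter has no comment describing its contract, yet the code after it passes the result to `login_header()` and calls `$errors->get_error_code()` on it in the next hunk. I would document it above the `apply_filters()` line, e.g. `// Filter the login page errors. Callbacks must return a WP_Error object; $redirect_to is the redirect destination.` The filter also runs in the interim-login branch, so a callback can replace or drop the 'expired' message; if that is intended, say so in the comment.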

- + @@ -735,6 +751,17 @@ d.select(); wp_attempt_focus(); if(typeof wpOnload=='function')wpOnload(); + +(function(){ +try { + var i, links = document.getElementsByTagName('a'); + for ( i in links ) { + if ( links[i].href ) + links[i].target = '_blank'; + } +} catch(e){} +}()); +
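Review bot: The added script sets `target = '_blank'` on every link without setting `rel`, so pages opened from the login form keep a `window.opener` reference to it; adding `links[i].rel = 'noopener noreferrer';` next to the target assignment closes that. Separately, `for ( i in links )` walks the HTMLCollection's enumerable properties (including `length` and `item`) rather than only its elements, and the empty `catch(e){}` hides any failure; `for ( i = 0; i < links.length; i++ )` is the safer loop. The condition that wraps this script is not visible in the hunk.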