<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[23805] trunk: Logged out warnings: add fallback text dialog for:</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg > ul, #logmsg > ol { margin-left: 0; margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://core.trac.wordpress.org/changeset/23805">23805</a></dd>
<dt>Author</dt> <dd>azaozz</dd>
<dt>Date</dt> <dd>2013-03-27 08:43:11 +0000 (Wed, 27 Mar 2013)</dd>
</dl>

<h3>Log Message</h3>
<pre>Logged out warnings: add fallback text dialog for:
- The login page has &quot;X-Frame-Options: DENY&quot; header.
- Cross-domain when displaying on the front-end on multisite with domain mapping.
- The site forces ssl login but not ssl admin.

Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See <a href="http://core.trac.wordpress.org/ticket/23295">#23295</a>.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpadmincsswpadmincss">trunk/wp-admin/css/wp-admin.css</a></li>
<li><a href="#trunkwpincludesdefaultfiltersphp">trunk/wp-includes/default-filters.php</a></li>
<li><a href="#trunkwpincludesfunctionsphp">trunk/wp-includes/functions.php</a></li>
<li><a href="#trunkwpincludesscriptloaderphp">trunk/wp-includes/script-loader.php</a></li>
<li><a href="#trunkwploginphp">trunk/wp-login.php</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#trunkwpincludescsswpauthcheckcss">trunk/wp-includes/css/wp-auth-check.css</a></li>
<li><a href="#trunkwpincludescsswpauthcheckmincss">trunk/wp-includes/css/wp-auth-check.min.css</a></li>
<li><a href="#trunkwpincludesjswpauthcheckjs">trunk/wp-includes/js/wp-auth-check.js</a></li>
<li><a href="#trunkwpincludesjswpauthcheckminjs">trunk/wp-includes/js/wp-auth-check.min.js</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkwpadmincsswpadmincss"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/css/wp-admin.css (23804 => 23805)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/css/wp-admin.css        2013-03-27 08:31:12 UTC (rev 23804)
+++ trunk/wp-admin/css/wp-admin.css        2013-03-27 08:43:11 UTC (rev 23805)
</span><span class="lines">@@ -7291,9 +7291,13 @@
</span><span class="cx">         width: auto;
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+body.interim-login {
+        height: auto;
+}
+
</ins><span class="cx"> .interim-login #login {
</span><span class="cx">         padding: 0;
</span><del>-        width: 300px;
</del><ins>+        margin: 25px auto 20px;
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> .interim-login.login h1 a {
</span></span></pre></div>
<a id="trunkwpincludescsswpauthcheckcss"></a>
<div class="addfile"><h4>Added: trunk/wp-includes/css/wp-auth-check.css (0 => 23805)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/css/wp-auth-check.css                                (rev 0)
+++ trunk/wp-includes/css/wp-auth-check.css        2013-03-27 08:43:11 UTC (rev 23805)
</span><span class="lines">@@ -0,0 +1,76 @@
</span><ins>+/*------------------------------------------------------------------------------
+ Interim login dialog
+------------------------------------------------------------------------------*/
+
+#wp-auth-check-wrap.hidden {
+        display: none;
+}
+
+#wp-auth-check-wrap #wp-auth-check-bg {
+        position: fixed;
+        top: 0;
+        bottom: 0;
+        left: 0;
+        right: 0;
+        background: #000;
+        opacity: 0.5;
+        filter: alpha(opacity=50);
+        z-index: 1000000;
+}
+
+#wp-auth-check-wrap #wp-auth-check {
+        position: fixed;
+        left: 50%;
+        overflow: hidden;
+        top: 40px;
+        bottom: 20px;
+        max-height: 435px;
+        width: 380px;
+        margin: 0 0 0 -190px;
+        padding: 0;
+        background-color: #fbfbfb;
+        -webkit-border-radius: 3px;
+        border-radius: 3px;
+        z-index: 1000001;
+}
+
+#wp-auth-check-wrap.fallback #wp-auth-check {
+        max-height: 180px;
+        overflow: auto;
+}
+
+#wp-auth-check-wrap #wp-auth-check-form {
+        background: url('../images/wpspin-2x.gif') no-repeat center center;
+        background-size: 16px 16px;
+        height: 100%;
+}
+
+#wp-auth-check-wrap #wp-auth-check-form iframe {
+        height: 100%;
+        width: 100%;
+        overflow: auto;
+}
+
+#wp-auth-check-wrap .wp-auth-check-close {
+        bottom: 10px;
+        display: none;
+        position: absolute;
+        right: 30px;
+}
+
+#wp-auth-check-wrap .wp-auth-fallback-expired {
+        outline: 0;
+}
+
+#wp-auth-check-wrap .wp-auth-fallback {
+        font-size: 14px;
+        line-height: 21px;
+        padding: 10px 25px;
+        display: none;
+}
+
+#wp-auth-check-wrap.fallback .wp-auth-fallback,
+#wp-auth-check-wrap.fallback .wp-auth-check-close {
+        display: block;
+}
+
</ins></span></pre></div>
<a id="trunkwpincludesdefaultfiltersphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/default-filters.php (23804 => 23805)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/default-filters.php        2013-03-27 08:31:12 UTC (rev 23804)
+++ trunk/wp-includes/default-filters.php        2013-03-27 08:43:11 UTC (rev 23805)
</span><span class="lines">@@ -295,6 +295,6 @@
</span><span class="cx"> add_filter( 'heartbeat_settings', 'wp_heartbeat_settings' );
</span><span class="cx"> 
</span><span class="cx"> // Check if the user is logged out
</span><del>-add_action( 'admin_init', 'wp_auth_check_load' );
</del><ins>+add_action( 'init', 'wp_auth_check_load' );
</ins><span class="cx"> 
</span><span class="cx"> unset($filter, $action);
</span></span></pre></div>
<a id="trunkwpincludesfunctionsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/functions.php (23804 => 23805)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/functions.php        2013-03-27 08:31:12 UTC (rev 23804)
+++ trunk/wp-includes/functions.php        2013-03-27 08:43:11 UTC (rev 23805)
</span><span class="lines">@@ -3887,43 +3887,69 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span><del>- * Load the auth check, for monitoring whether the user is still logged in
</del><ins>+ * Load the auth check for monitoring whether the user is still logged in.
+ * Can be disabled with remove_action( 'init', 'wp_auth_check_load' );
</ins><span class="cx">  *
</span><span class="cx">  * @since 3.6.0
</span><span class="cx">  *
</span><span class="cx">  * @return void
</span><span class="cx">  */
</span><span class="cx"> function wp_auth_check_load() {
</span><del>-        wp_enqueue_script( 'heartbeat' );
-        add_filter( 'heartbeat_received', 'wp_auth_check', 10, 2 );
-        add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 );
</del><ins>+        global $pagenow;
</ins><span class="cx"> 
</span><del>-        if ( is_admin() )
-                add_action( 'admin_print_footer_scripts', 'wp_auth_check_js' );
-        elseif ( is_user_logged_in() )
-                add_action( 'wp_print_footer_scripts', 'wp_auth_check_js' );
</del><ins>+        // Don't load for these types of requests
+        if ( defined('XMLRPC_REQUEST') || defined('IFRAME_REQUEST') || 'wp-login.php' == $pagenow )
+                return;
+
+        if ( is_admin() || is_user_logged_in() ) {
+                if ( defined('DOING_AJAX') ) {
+                        add_filter( 'heartbeat_received', 'wp_auth_check', 10, 2 );
+                        add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 );
+                } else {
+                        wp_enqueue_style( 'wp-auth-check' );
+                        wp_enqueue_script( 'wp-auth-check' );
+
+                        if ( is_admin() )
+                                add_action( 'admin_print_footer_scripts', 'wp_auth_check_html', 5 );
+                        else
+                                add_action( 'wp_print_footer_scripts', 'wp_auth_check_html', 5 );
+                }
+        }
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span><del>- * Output the JS that shows the wp-login iframe when the user is no longer logged in
</del><ins>+ * Output the HTML that shows the wp-login dialog when the user is no longer logged in
</ins><span class="cx">  */
</span><del>-function wp_auth_check_js() {
</del><ins>+function wp_auth_check_html() {
+        $login_url = wp_login_url();
+        $current_domain = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'];
+        $same_domain = ( strpos( $login_url, $current_domain ) === 0 );
+        
+        // Let plugins change this if they know better.
+        $same_domain = apply_filters( 'wp_auth_check_same_domain', $same_domain );
+        $wrap_class = $same_domain ? 'hidden' : 'hidden fallback';
+
</ins><span class="cx">         ?&gt;
</span><del>-        &lt;script type=&quot;text/javascript&quot;&gt;
-        (function($){
-        $( document ).on( 'heartbeat-tick.wp-auth-check', function( e, data ) {
-                var wrap = $('#wp-auth-check-notice-wrap');
</del><ins>+        &lt;div id=&quot;wp-auth-check-wrap&quot; class=&quot;&lt;?php echo $wrap_class; ?&gt;&quot;&gt;
+        &lt;div id=&quot;wp-auth-check-bg&quot;&gt;&lt;/div&gt;
+        &lt;div id=&quot;wp-auth-check&quot;&gt;
+        &lt;?php
</ins><span class="cx"> 
</span><del>-                if ( data['wp-auth-check-html'] &amp;&amp; ! wrap.length ) {
-                        $('body').append( data['wp-auth-check-html'] );
-                } else if ( !data['wp-auth-check-html'] &amp;&amp; wrap.length &amp;&amp; ! wrap.data('logged-in') ) {
-                        wrap.remove();
-                }
-        }).on( 'heartbeat-send.wp-auth-check', function( e, data ) {
-                data['wp-auth-check'] = 1;
-        });
-        }(jQuery));
-        &lt;/script&gt;
</del><ins>+        if ( $same_domain ) {
+                ?&gt;
+                &lt;div id=&quot;wp-auth-check-form&quot; data-src=&quot;&lt;?php echo esc_url( add_query_arg( array( 'interim-login' =&gt; 1 ), $login_url ) ); ?&gt;&quot;&gt;&lt;/div&gt;
+                &lt;?php
+        }
+
+        ?&gt;
+        &lt;div class=&quot;wp-auth-fallback&quot;&gt;
+                &lt;p&gt;&lt;b class=&quot;wp-auth-fallback-expired&quot; tabindex=&quot;0&quot;&gt;&lt;?php _e('Session expired'); ?&gt;&lt;/b&gt;&lt;/p&gt;
+                &lt;p&gt;&lt;a href=&quot;&lt;?php echo esc_url( $login_url ); ?&gt;&quot; target=&quot;_blank&quot;&gt;&lt;?php _e('Please log in again.'); ?&gt;&lt;/a&gt;
+                &lt;?php _e('The login page will open in a new window. After logging in you can close it and return to this page.'); ?&gt;&lt;/p&gt;
+        &lt;/div&gt;
+        &lt;p class=&quot;wp-auth-check-close&quot;&gt;&lt;a href=&quot;#&quot; class=&quot;button button-primary&quot;&gt;&lt;?php _e('Close'); ?&gt;&lt;/a&gt;&lt;/p&gt;
+        &lt;/div&gt;
+        &lt;/div&gt;
</ins><span class="cx">         &lt;?php
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -3940,86 +3966,8 @@
</span><span class="cx">         if ( is_user_logged_in() &amp;&amp; empty( $GLOBALS['login_grace_period'] ) )
</span><span class="cx">                 return $response;
</span><span class="cx"> 
</span><del>-        return array_merge( $response, array(
-                'wp-auth-check-html' =&gt; '&lt;div id=&quot;wp-auth-check-notice-wrap&quot;&gt;
-&lt;style type=&quot;text/css&quot; scoped&gt;
-#wp-auth-check {
-        position: fixed;
-        height: 90%;
-        left: 50%;
-        max-height: 415px;
-        overflow: auto;
-        top: 35px;
-        width: 300px;
-        margin: 0 0 0 -160px;
-        padding: 12px 20px;
-        border: 1px solid #ddd;
-        background-color: #fbfbfb;
-        -webkit-border-radius: 3px;
-        border-radius: 3px;
-        z-index: 1000000000;
</del><ins>+        return array_merge( $response, array( 'wp-auth-check' =&gt; '1' ) );
</ins><span class="cx"> }
</span><del>-#wp-auth-check-form {
-        background: url(&quot;' . admin_url('/images/wpspin_light-2x.gif') . '&quot;) no-repeat center center;
-        background-size: 16px 16px;
-}
-#wp-auth-check-form iframe {
-        height: 100%;
-        overflow: hidden;
-}
-#wp-auth-check a.wp-auth-check-close {
-        position: absolute;
-        right: 8px;
-        top: 8px;
-        width: 24px;
-        height: 24px;
-        background: url(&quot;' . includes_url('images/uploader-icons.png') . '&quot;) no-repeat scroll -95px center transparent;
-}
-#wp-auth-check h3 {
-        margin: 0 0 12px;
-        padding: 0;
-        font-size: 1.25em;
-}
-@media print,
-  (-o-min-device-pixel-ratio: 5/4),
-  (-webkit-min-device-pixel-ratio: 1.25),
-  (min-resolution: 120dpi) {
-        #wp-auth-check a.wp-auth-check-close {
-                background-image: url(&quot;' . includes_url('images/uploader-icons-2x.png') . '&quot;);
-                background-size: 134px 15px;
-        }
-}
-&lt;/style&gt;
-&lt;div id=&quot;wp-auth-check&quot; tabindex=&quot;0&quot;&gt;
-&lt;h3&gt;' .  __('Session expired') . '&lt;/h3&gt;
-&lt;a href=&quot;#&quot; class=&quot;wp-auth-check-close&quot;&gt;&lt;span class=&quot;screen-reader-text&quot;&gt;' . __('close') . '&lt;/span&gt;&lt;/a&gt;
-&lt;div id=&quot;wp-auth-check-form&quot;&gt;
-        &lt;iframe src=&quot;' . esc_url( add_query_arg( array( 'interim-login' =&gt; 1 ), wp_login_url() ) ) . '&quot; frameborder=&quot;0&quot;&gt;&lt;/iframe&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;script type=&quot;text/javascript&quot;&gt;
-(function($){
-var el, wrap = $(&quot;#wp-auth-check-notice-wrap&quot;);
-el = $(&quot;#wp-auth-check&quot;).focus().find(&quot;a.wp-auth-check-close&quot;).on(&quot;click&quot;, function(e){
-        el.fadeOut(200, function(){ wrap.remove(); });
-        e.preventDefault();
-});
-$(&quot;#wp-auth-check-form iframe&quot;).load(function(){
-        var height;
-        try { height = $(this.contentWindow.document).find(&quot;#login&quot;).height(); } catch(er){}
-        if ( height ) {
-                $(&quot;#wp-auth-check&quot;).css(&quot;max-height&quot;, height + 40 + &quot;px&quot;);
-                $(this).css(&quot;height&quot;, height + 5 + &quot;px&quot;);
-                if ( height &lt; 200 ) {
-                        wrap.data(&quot;logged-in&quot;, true);
-                        setTimeout( function(){ wrap.fadeOut(200, function(){ wrap.remove(); }); }, 5000 );
-                }
-        }
-});
-}(jQuery));
-&lt;/script&gt;
-&lt;/div&gt;' ) );
-}
</del><span class="cx"> 
</span><span class="cx"> /**
</span><span class="cx">  * Return RegEx body to liberally match an opening HTML tag that:
</span><span class="lines">@@ -4039,4 +3987,4 @@
</span><span class="cx">                 return;
</span><span class="cx"> 
</span><span class="cx">         return sprintf( '(&lt;%1$s[^&gt;]*(?:/?&gt;$|&gt;[\s\S]*?&lt;/%1$s&gt;))', tag_escape( $tag ) );
</span><del>-}
</del><span class="cx">\ No newline at end of file
</span><ins>+}
</ins></span></pre></div>
<a id="trunkwpincludesjswpauthcheckjs"></a>
<div class="addfile"><h4>Added: trunk/wp-includes/js/wp-auth-check.js (0 => 23805)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/js/wp-auth-check.js                                (rev 0)
+++ trunk/wp-includes/js/wp-auth-check.js        2013-03-27 08:43:11 UTC (rev 23805)
</span><span class="lines">@@ -0,0 +1,87 @@
</span><ins>+// Interim login dialog
+(function($){
+        var wrap;
+
+        function show() {
+                var parent = $('#wp-auth-check'), form = $('#wp-auth-check-form'), noframe = wrap.find('.wp-auth-fallback-expired'), frame, loaded = false;
+
+                if ( form.length ) {
+                        // Add unload confirmation to counter (frame-busting) JS redirects
+                        $(window).on( 'beforeunload.wp-auth-check', function(e) {
+                                e.originalEvent.returnValue = window.authcheckL10n.beforeunload;
+                        });
+
+                        // Add 'sandbox' for browsers that support it, only restrict access to the top window.
+                        frame = $('&lt;iframe id=&quot;wp-auth-check-frame&quot; sandbox=&quot;allow-same-origin allow-forms allow-scripts&quot; frameborder=&quot;0&quot;&gt;').attr( 'title', noframe.text() );
+                        frame.load( function(e) {
+                                var height, body;
+
+                                loaded = true;
+
+                                try {
+                                        body = $(this).contents().find('body');
+                                        height = body.height();
+                                } catch(e) {
+                                        wrap.addClass('fallback');
+                                        form.remove();
+                                        noframe.focus();
+                                }
+
+                                if ( height ) {
+                                        if ( body &amp;&amp; body.hasClass('interim-login-success') ) {
+                                                height += 35;
+                                                parent.find('.wp-auth-check-close').show();
+                                                wrap.data('logged-in', 1);
+                                                setTimeout( function() { hide(); }, 3000 );
+                                        }
+
+                                        parent.css( 'max-height', height + 60 + 'px' );
+                                }
+                        }).attr( 'src', form.data('src') );
+
+                        $('#wp-auth-check-form').append( frame );
+                }
+
+                wrap.removeClass('hidden');
+
+                if ( frame ) {
+                        frame.focus();
+                        // WebKit doesn't throw an error if the iframe fails to load because of &quot;X-Frame-Options: DENY&quot; header.
+                        // Wait for 5 sec. and switch to the fallback text.
+                        setTimeout( function() {
+                                if ( ! loaded ) {
+                                        wrap.addClass('fallback');
+                                        form.remove();
+                                        noframe.focus();
+                                }
+                        }, 5000 );
+                } else {
+                        noframe.focus();
+                }
+        }
+
+        function hide() {
+                $(window).off( 'beforeunload.wp-auth-check' );
+
+                wrap.fadeOut( 200, function() {
+                        wrap.addClass('hidden').css('display', '');
+                        $('#wp-auth-check-frame').remove();
+                });
+        }
+
+        $( document ).on( 'heartbeat-tick.wp-auth-check', function( e, data ) {
+                if ( data['wp-auth-check'] &amp;&amp; wrap.hasClass('hidden') ) {
+                        show();
+                } else if ( ! data['wp-auth-check'] &amp;&amp; ! wrap.hasClass('hidden') &amp;&amp; ! wrap.data('logged-in') ) {
+                        hide();
+                }
+        }).on( 'heartbeat-send.wp-auth-check', function( e, data ) {
+                data['wp-auth-check'] = 1;
+        }).ready( function() {
+                wrap = $('#wp-auth-check-wrap').data('logged-in', 0);
+                wrap.find('.wp-auth-check-close').on( 'click', function(e) {
+                        hide();
+                });
+        });
+
+}(jQuery));
</ins><span class="cx">Property changes on: trunk/wp-includes/js/wp-auth-check.js
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svneolstyle"></a>
<div class="addfile"><h4>Added: svn:eol-style</h4></div>
<a id="trunkwpincludesjswpauthcheckminjs"></a>
<div class="propset"><h4>Property changes: trunk/wp-includes/js/wp-auth-check.min.js</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svneolstyle"></a>
<div class="addfile"><h4>Added: svn:eol-style</h4></div>
<a id="trunkwpincludesscriptloaderphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/script-loader.php (23804 => 23805)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/script-loader.php        2013-03-27 08:31:12 UTC (rev 23804)
+++ trunk/wp-includes/script-loader.php        2013-03-27 08:43:11 UTC (rev 23805)
</span><span class="lines">@@ -113,6 +113,11 @@
</span><span class="cx">                 apply_filters( 'heartbeat_settings', array() )
</span><span class="cx">         );
</span><span class="cx"> 
</span><ins>+        $scripts-&gt;add( 'wp-auth-check', &quot;/wp-includes/js/wp-auth-check$suffix.js&quot;, array('heartbeat'), false, 1 );
+        did_action( 'init' ) &amp;&amp; $scripts-&gt;localize( 'wp-auth-check', 'authcheckL10n', array(
+                'beforeunload' =&gt; __('Your session has expired. You can log in again from this page or go to the login page.'),
+        ) );
+
</ins><span class="cx">         $scripts-&gt;add( 'wp-lists', &quot;/wp-includes/js/wp-lists$suffix.js&quot;, array( 'wp-ajax-response', 'jquery-color' ), false, 1 );
</span><span class="cx"> 
</span><span class="cx">         // WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source.
</span><span class="lines">@@ -543,6 +548,7 @@
</span><span class="cx">         $styles-&gt;add( 'customize-controls', &quot;/wp-admin/css/customize-controls$suffix.css&quot;, array( 'wp-admin', 'colors', 'ie' ) );
</span><span class="cx">         $styles-&gt;add( 'media-views', &quot;/wp-includes/css/media-views$suffix.css&quot;, array( 'buttons' ) );
</span><span class="cx">         $styles-&gt;add( 'buttons', &quot;/wp-includes/css/buttons$suffix.css&quot; );
</span><ins>+        $styles-&gt;add( 'wp-auth-check', &quot;/wp-includes/css/wp-auth-check$suffix.css&quot; );
</ins><span class="cx"> 
</span><span class="cx">         $styles-&gt;add( 'mediaelement', &quot;/wp-includes/js/mediaelement/mediaelementplayer$suffix.css&quot; );
</span><span class="cx">         $styles-&gt;add( 'wp-mediaelement', &quot;/wp-includes/js/mediaelement/wp-mediaelement.css&quot;, array( 'mediaelement' ) );
</span></span></pre></div>
<a id="trunkwploginphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-login.php (23804 => 23805)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-login.php        2013-03-27 08:31:12 UTC (rev 23804)
+++ trunk/wp-login.php        2013-03-27 08:43:11 UTC (rev 23805)
</span><span class="lines">@@ -48,10 +48,10 @@
</span><span class="cx">                 $wp_error = new WP_Error();
</span><span class="cx"> 
</span><span class="cx">         // Shake it!
</span><del>-        $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
</del><ins>+        $shake_error_codes = array( 'interim_login_error', 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
</ins><span class="cx">         $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
</span><span class="cx"> 
</span><del>-        if ( ! $interim_login &amp;&amp; $shake_error_codes &amp;&amp; $wp_error-&gt;get_error_code() &amp;&amp; in_array( $wp_error-&gt;get_error_code(), $shake_error_codes ) )
</del><ins>+        if ( $shake_error_codes &amp;&amp; $wp_error-&gt;get_error_code() &amp;&amp; in_array( $wp_error-&gt;get_error_code(), $shake_error_codes ) )
</ins><span class="cx">                 add_action( 'login_head', 'wp_shake_js', 12 );
</span><span class="cx"> 
</span><span class="cx">         ?&gt;&lt;!DOCTYPE html&gt;
</span><span class="lines">@@ -100,6 +100,12 @@
</span><span class="cx">                 // Don't allow interim logins to navigate away from the page.
</span><span class="cx">                 $login_header_url = '#';
</span><span class="cx">                 $classes[] = 'interim-login';
</span><ins>+                ?&gt;
+                &lt;style type=&quot;text/css&quot;&gt;html{background-color: transparent;}&lt;/style&gt;
+                &lt;?php
+
+                if ( 'success' ===  $interim_login )
+                        $classes[] = 'interim-login-success';
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         $classes = apply_filters( 'login_body_class', $classes, $action );
</span><span class="lines">@@ -624,6 +630,7 @@
</span><span class="cx">         if ( !is_wp_error($user) &amp;&amp; !$reauth ) {
</span><span class="cx">                 if ( $interim_login ) {
</span><span class="cx">                         $message = '&lt;p class=&quot;message&quot;&gt;' . __('You have logged in successfully.') . '&lt;/p&gt;';
</span><ins>+                        $interim_login = 'success';
</ins><span class="cx">                         login_header( '', $message ); ?&gt;
</span><span class="cx">                         &lt;/div&gt;
</span><span class="cx">                         &lt;?php do_action( 'login_footer' ); ?&gt;
</span><span class="lines">@@ -648,30 +655,43 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         $errors = $user;
</span><del>-        // Clear errors if loggedout or interim_login is set.
-        if ( !empty($_GET['loggedout']) || $reauth || $interim_login )
</del><ins>+        // Clear errors if loggedout is set.
+        if ( !empty($_GET['loggedout']) || $reauth )
</ins><span class="cx">                 $errors = new WP_Error();
</span><span class="cx"> 
</span><span class="cx">         // If cookies are disabled we can't log in even with a valid user+pass
</span><span class="cx">         if ( isset($_POST['testcookie']) &amp;&amp; empty($_COOKIE[TEST_COOKIE]) )
</span><span class="cx">                 $errors-&gt;add('test_cookie', __(&quot;&lt;strong&gt;ERROR&lt;/strong&gt;: Cookies are blocked or not supported by your browser. You must &lt;a href='http://www.google.com/cookies.html'&gt;enable cookies&lt;/a&gt; to use WordPress.&quot;));
</span><span class="cx"> 
</span><del>-        // Some parts of this script use the main login form to display a message
-        if                ( isset($_GET['loggedout']) &amp;&amp; true == $_GET['loggedout'] )
-                $errors-&gt;add('loggedout', __('You are now logged out.'), 'message');
-        elseif        ( isset($_GET['registration']) &amp;&amp; 'disabled' == $_GET['registration'] )
-                $errors-&gt;add('registerdisabled', __('User registration is currently not allowed.'));
-        elseif        ( isset($_GET['checkemail']) &amp;&amp; 'confirm' == $_GET['checkemail'] )
-                $errors-&gt;add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
-        elseif        ( isset($_GET['checkemail']) &amp;&amp; 'newpass' == $_GET['checkemail'] )
-                $errors-&gt;add('newpass', __('Check your e-mail for your new password.'), 'message');
-        elseif        ( isset($_GET['checkemail']) &amp;&amp; 'registered' == $_GET['checkemail'] )
-                $errors-&gt;add('registered', __('Registration complete. Please check your e-mail.'), 'message');
-        elseif        ( $interim_login )
-                $errors-&gt;add('expired', __('Please log in again. You will not move away from this page.'), 'message');
-        elseif ( strpos( $redirect_to, 'about.php?updated' ) )
-                $errors-&gt;add('updated', __( '&lt;strong&gt;You have successfully updated WordPress!&lt;/strong&gt; Please log back in to experience the awesomeness.' ), 'message' );
</del><ins>+        // Clear most errors if interim login
+        if ( $interim_login ) {
+                $error_code = $errors-&gt;get_error_code();
+                $errors = new WP_Error();
</ins><span class="cx"> 
</span><ins>+                if ( $error_code ) {
+                        if ( in_array( $error_code, array( 'empty_password', 'empty_username', 'invalid_username', 'incorrect_password' ) ) )
+                                $errors-&gt;add('interim_login_error', __('&lt;strong&gt;ERROR&lt;/strong&gt;: Invalid username or password.'));
+                        else
+                                $errors-&gt;add('interim_login_error_other', sprintf( __( '&lt;strong&gt;ERROR&lt;/strong&gt;: Please contact the site administrator or try to &lt;a href=&quot;%s&quot; target=&quot;_blank&quot;&gt;log in from a new window&lt;/a&gt;.' ), wp_login_url() ) );
+                } else {
+                        $errors-&gt;add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message');
+                }
+        } else {
+                // Some parts of this script use the main login form to display a message
+                if                ( isset($_GET['loggedout']) &amp;&amp; true == $_GET['loggedout'] )
+                        $errors-&gt;add('loggedout', __('You are now logged out.'), 'message');
+                elseif        ( isset($_GET['registration']) &amp;&amp; 'disabled' == $_GET['registration'] )
+                        $errors-&gt;add('registerdisabled', __('User registration is currently not allowed.'));
+                elseif        ( isset($_GET['checkemail']) &amp;&amp; 'confirm' == $_GET['checkemail'] )
+                        $errors-&gt;add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
+                elseif        ( isset($_GET['checkemail']) &amp;&amp; 'newpass' == $_GET['checkemail'] )
+                        $errors-&gt;add('newpass', __('Check your e-mail for your new password.'), 'message');
+                elseif        ( isset($_GET['checkemail']) &amp;&amp; 'registered' == $_GET['checkemail'] )
+                        $errors-&gt;add('registered', __('Registration complete. Please check your e-mail.'), 'message');
+                elseif ( strpos( $redirect_to, 'about.php?updated' ) )
+                        $errors-&gt;add('updated', __( '&lt;strong&gt;You have successfully updated WordPress!&lt;/strong&gt; Please log back in to experience the awesomeness.' ), 'message' );
+        }
+
</ins><span class="cx">         // Clear any stale cookies.
</span><span class="cx">         if ( $reauth )
</span><span class="cx">                 wp_clear_auth_cookie();
</span></span></pre>
</div>
</div>

</body>
</html>