[wp-testers] WP-login form actions
Sean Hayford O'Leary
sdho at sdho.org
Tue Jan 23 05:29:36 GMT 2007
I was thinking about this situation. Say you have your WP install at
http://site.com but have SSL and wish to encrypt your password when
you log in (for good reason). So you set the WordPress address to
httpS://site.com and log in at httpS://site.com/wp-login.php.
This works fine. BUT if you log in at http://site.com/wp-login.php
(which is not exactly unlikely -- many users append "wp-login.php"
when visiting their blog) it won't send the information to
httpS://site.com/wp-login.php, it'll send it to
http://site.com/wp-login.php. Sorry for the capital Ss, didn't want
any confusion. Of course it's not just SSL -- any time you have that
same file accessible from more than one address, problems arise.
So, would there be any problem with using the wpurl setting when
sending the form? Like on line 344, instead of:
<form name="loginform" id="loginform" action="wp-login.php" method="post">
we had
<form name="loginform" id="loginform" action="<?php
bloginfo('wpurl'); ?>/wp-login.php" method="post">
What do you guys think?
--
Sean Hayford O'Leary
http://sdho.org
More information about the wp-testers
mailing list