Password Protected - Version 2.4

Version Description

  • Add a Nocache header to the login page redirect to prevent the browser from caching the redirect page. Props De'Yonte W.
  • Remove password-protected query from redirects on successful login or logout.
  • Check "redirect_to" query var is set in hidden form field. Props Matthias Kittsteiner.
  • Add favicon to password protected login page.
Download this release

Release Info

Developer husobj
Plugin Icon 128x128 Password Protected
Version 2.4
Comparing to
See all releases

Code changes from version 2.3 to 2.4

Files changed (6) hide show
  1. CHANGELOG.md +11 -2
  2. README.md +3 -0
  3. languages/password-protected.pot +75 -46
  4. password-protected.php +12 -3
  5. readme.txt +12 -3
  6. theme/password-protected-login.php +1 -1
CHANGELOG.md CHANGED
@@ -2,6 +2,14 @@
2
  All notable changes to this project will be documented in this file.
3
  This project adheres to [Semantic Versioning](http://semver.org/).
4
 
 
 
 
 
 
 
 
 
5
  ## [2.3] - 2020-05-17
6
 
7
  ### Added
@@ -238,8 +246,9 @@ Check that `$_SERVER['REMOTE_ADDR']` is set.
238
  ### Added
239
  - First Release. If you spot any bugs or issues please [log them here](https://github.com/benhuson/password-protected/issues).
240
 
241
- [Unreleased]: https://github.com/benhuson/password-protected/compare/2.3...HEAD
242
- [2.2.5]: https://github.com/benhuson/password-protected/compare/2.2.5...2.3
 
243
  [2.2.5]: https://github.com/benhuson/password-protected/compare/2.2.4...2.2.5
244
  [2.2.4]: https://github.com/benhuson/password-protected/compare/2.2.3...2.2.4
245
  [2.2.3]: https://github.com/benhuson/password-protected/compare/2.2.2...2.2.3
2
  All notable changes to this project will be documented in this file.
3
  This project adheres to [Semantic Versioning](http://semver.org/).
4
 
5
+ ## [2.4] - 2020-09-24
6
+
7
+ ### Fixed
8
+ - Add a Nocache header to the login page redirect to prevent the browser from caching the redirect page. Props [De'Yonte W.](https://github.com/rxnlabs)
9
+ - Remove ‘password-protected’ query from redirects on successful login or logout.
10
+ - Check "redirect_to" query var is set in hidden form field. Props [Matthias Kittsteiner](https://wordpress.org/support/users/kittmedia/).
11
+ - Add favicon to password protected login page.
12
+
13
  ## [2.3] - 2020-05-17
14
 
15
  ### Added
246
  ### Added
247
  - First Release. If you spot any bugs or issues please [log them here](https://github.com/benhuson/password-protected/issues).
248
 
249
+ [Unreleased]: https://github.com/benhuson/password-protected/compare/2.4...HEAD
250
+ [2.4]: https://github.com/benhuson/password-protected/compare/2.3...2.4
251
+ [2.3]: https://github.com/benhuson/password-protected/compare/2.2.5...2.3
252
  [2.2.5]: https://github.com/benhuson/password-protected/compare/2.2.4...2.2.5
253
  [2.2.4]: https://github.com/benhuson/password-protected/compare/2.2.3...2.2.4
254
  [2.2.3]: https://github.com/benhuson/password-protected/compare/2.2.2...2.2.3
README.md CHANGED
@@ -69,6 +69,9 @@ If you would like to translate this plugin you can easily contribute at the [Tra
69
  Upgrade Notice
70
  --------------
71
 
 
 
 
72
  ### 2.3
73
  Fixed an issue with "testcookie" on some hosts. Added `password_protected_cookie_name` and `password_protected_options_page_capability` filters.
74
 
69
  Upgrade Notice
70
  --------------
71
 
72
+ ### 2.4
73
+ Fixes to help with caching issues and favicon on login page.
74
+
75
  ### 2.3
76
  Fixed an issue with "testcookie" on some hosts. Added `password_protected_cookie_name` and `password_protected_options_page_capability` filters.
77
 
languages/password-protected.pot CHANGED
@@ -5,7 +5,7 @@ msgid ""
5
  msgstr ""
6
  "Project-Id-Version: Password Protected\n"
7
  "Report-Msgid-Bugs-To: http://wordpress.org/tag/password-protected\n"
8
- "POT-Creation-Date: 2020-05-18 14:21+0100\n"
9
  "PO-Revision-Date: 2015-05-14 23:15-0000\n"
10
  "Last-Translator: Ben Huson <ben@thewhiteroom.net>\n"
11
  "Language-Team: LANGUAGE\n"
@@ -13,7 +13,7 @@ msgstr ""
13
  "MIME-Version: 1.0\n"
14
  "Content-Type: text/plain; charset=UTF-8\n"
15
  "Content-Transfer-Encoding: 8bit\n"
16
- "X-Generator: Poedit 2.3\n"
17
  "X-Poedit-KeywordsList: __;_e;_x:1,2c;_ex:1,2c;esc_html__;esc_html_e;esc_html_x:1,2c;esc_attr__;esc_attr_e;esc_attr_x:1,2c\n"
18
  "X-Poedit-Basepath: .\n"
19
  "Plural-Forms: nplurals=2; plural=(n != 1);\n"
@@ -51,27 +51,23 @@ msgstr ""
51
  msgid "If your site uses a caching plugin or your web hosting uses server-side caching, you may need to configure your caching setup to disable caching for the Password Protected cookie:"
52
  msgstr ""
53
 
54
- #: ../admin/admin-caching.php:111
55
- msgid "Can be changed using the `password_protected_cookie_name` filter."
56
- msgstr ""
57
-
58
- #: ../admin/admin-caching.php:122
59
  msgid "We have detected your site may be running on WP Engine hosting."
60
  msgstr ""
61
 
62
- #: ../admin/admin-caching.php:123
63
  msgid "In order for Password Protected to work with WP Engine's caching configuration you must ask them to disable caching for the Password Protected cookie."
64
  msgstr ""
65
 
66
- #: ../admin/admin-caching.php:134
67
  msgid "It looks like you may be using the W3 Total Cache plugin?"
68
  msgstr ""
69
 
70
- #: ../admin/admin-caching.php:135
71
  msgid "In order for Password Protected to work with W3 Total Cache you must disable caching when the Password Protected cookie is set."
72
  msgstr ""
73
 
74
- #: ../admin/admin-caching.php:136
75
  #, php-format
76
  msgid "You can adjust the cookie settings for W3 Total Cache under <a href=\"%s\">Performance > Page Cache > Advanced > Rejected Cookies</a>."
77
  msgstr ""
@@ -87,145 +83,178 @@ msgstr ""
87
  msgid "Password Protected Plugin"
88
  msgstr ""
89
 
90
- #: ../admin/admin.php:47 ../admin/admin.php:98
91
  msgid "Password Protected"
92
  msgstr ""
93
 
94
- #: ../admin/admin.php:60
95
  msgid "Password Protected Settings"
96
  msgstr ""
97
 
98
- #: ../admin/admin.php:66
99
  msgid "Save Changes"
100
  msgstr ""
101
 
102
- #: ../admin/admin.php:99
103
  msgid "<p><strong>Password Protected Status</strong><br />Turn on/off password protection.</p>"
104
  msgstr ""
105
 
106
- #: ../admin/admin.php:100
107
  msgid ""
108
  "<p><strong>Protected Permissions</strong><br />Allow access for logged in users and administrators without needing to enter a password. You will need to enable this option if you want administrators to be able to preview the site in "
109
  "the Theme Customizer. Also allow RSS Feeds to be accessed when the site is password protected.</p>"
110
  msgstr ""
111
 
112
- #: ../admin/admin.php:101
113
  msgid "<p><strong>Password Fields</strong><br />To set a new password, enter it into both fields. You cannot set an `empty` password. To disable password protection uncheck the Enabled checkbox.</p>"
114
  msgstr ""
115
 
116
- #: ../admin/admin.php:120
117
  msgid "Password Protected Status"
118
  msgstr ""
119
 
120
- #: ../admin/admin.php:128
121
  msgid "Protected Permissions"
122
  msgstr ""
123
 
124
- #: ../admin/admin.php:136
125
  msgid "New Password"
126
  msgstr ""
127
 
128
- #: ../admin/admin.php:144
129
  msgid "Allow IP Addresses"
130
  msgstr ""
131
 
132
- #: ../admin/admin.php:152
133
  msgid "Allow Remember me"
134
  msgstr ""
135
 
136
- #: ../admin/admin.php:160
137
  msgid "Remember for this many days"
138
  msgstr ""
139
 
140
- #: ../admin/admin.php:192
141
  msgid "New password not saved. When setting a new password please enter it in both fields."
142
  msgstr ""
143
 
144
- #: ../admin/admin.php:195
145
  msgid "New password not saved. Password fields did not match."
146
  msgstr ""
147
 
148
- #: ../admin/admin.php:198
149
  msgid "New password saved."
150
  msgstr ""
151
 
152
- #: ../admin/admin.php:245
153
  msgid "Password protect your web site. Users will be asked to enter a password to view the site."
154
  msgstr ""
155
 
156
- #: ../admin/admin.php:246
157
  msgid "For more information about Password Protected settings, view the \"Help\" tab at the top of this page."
158
  msgstr ""
159
 
160
- #: ../admin/admin.php:255
161
  msgid "Enabled"
162
  msgstr ""
163
 
164
- #: ../admin/admin.php:264
165
  msgid "Allow Administrators"
166
  msgstr ""
167
 
168
- #: ../admin/admin.php:265
169
  msgid "Allow Logged In Users"
170
  msgstr ""
171
 
172
- #: ../admin/admin.php:266
173
  msgid "Allow RSS Feeds"
174
  msgstr ""
175
 
176
- #: ../admin/admin.php:267
177
  msgid "Allow REST API Access"
178
  msgstr ""
179
 
180
- #: ../admin/admin.php:276
181
  msgid "If you would like to change the password type a new one. Otherwise leave this blank."
182
  msgstr ""
183
 
184
- #: ../admin/admin.php:277
185
  msgid "Type your new password again."
186
  msgstr ""
187
 
188
- #: ../admin/admin.php:288
189
  msgid "Enter one IP address per line."
190
  msgstr ""
191
 
192
- #: ../admin/admin.php:290
193
  #, php-format
194
  msgid "Your IP is address %s."
195
  msgstr ""
196
 
197
- #: ../admin/admin.php:351
198
  msgid "http://github.com/benhuson/password-protected"
199
  msgstr ""
200
 
201
- #: ../admin/admin.php:351
202
  msgid "GitHub"
203
  msgstr ""
204
 
205
- #: ../admin/admin.php:352
206
  msgid "https://translate.wordpress.org/projects/wp-plugins/password-protected"
207
  msgstr ""
208
 
209
- #: ../admin/admin.php:352
210
  msgid "Translate"
211
  msgstr ""
212
 
213
- #: ../admin/admin.php:369
214
  msgid "Settings"
215
  msgstr ""
216
 
217
- #: ../admin/admin.php:397
218
  msgid "You have enabled password protection but not yet set a password. Please set one below."
219
  msgstr ""
220
 
221
- #: ../admin/admin.php:402
222
  msgid "You have enabled password protection and allowed administrators and logged in users - other users will still need to enter a password to view the site."
223
  msgstr ""
224
 
225
- #: ../admin/admin.php:404
226
  msgid "You have enabled password protection and allowed administrators - other users will still need to enter a password to view the site."
227
  msgstr ""
228
 
229
- #: ../admin/admin.php:406
230
  msgid "You have enabled password protection and allowed logged in users - other users will still need to enter a password to view the site."
231
  msgstr ""
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
5
  msgstr ""
6
  "Project-Id-Version: Password Protected\n"
7
  "Report-Msgid-Bugs-To: http://wordpress.org/tag/password-protected\n"
8
+ "POT-Creation-Date: 2019-06-04 12:50+0100\n"
9
  "PO-Revision-Date: 2015-05-14 23:15-0000\n"
10
  "Last-Translator: Ben Huson <ben@thewhiteroom.net>\n"
11
  "Language-Team: LANGUAGE\n"
13
  "MIME-Version: 1.0\n"
14
  "Content-Type: text/plain; charset=UTF-8\n"
15
  "Content-Transfer-Encoding: 8bit\n"
16
+ "X-Generator: Poedit 2.2.3\n"
17
  "X-Poedit-KeywordsList: __;_e;_x:1,2c;_ex:1,2c;esc_html__;esc_html_e;esc_html_x:1,2c;esc_attr__;esc_attr_e;esc_attr_x:1,2c\n"
18
  "X-Poedit-Basepath: .\n"
19
  "Plural-Forms: nplurals=2; plural=(n != 1);\n"
51
  msgid "If your site uses a caching plugin or your web hosting uses server-side caching, you may need to configure your caching setup to disable caching for the Password Protected cookie:"
52
  msgstr ""
53
 
54
+ #: ../admin/admin-caching.php:121
 
 
 
 
55
  msgid "We have detected your site may be running on WP Engine hosting."
56
  msgstr ""
57
 
58
+ #: ../admin/admin-caching.php:122
59
  msgid "In order for Password Protected to work with WP Engine's caching configuration you must ask them to disable caching for the Password Protected cookie."
60
  msgstr ""
61
 
62
+ #: ../admin/admin-caching.php:133
63
  msgid "It looks like you may be using the W3 Total Cache plugin?"
64
  msgstr ""
65
 
66
+ #: ../admin/admin-caching.php:134
67
  msgid "In order for Password Protected to work with W3 Total Cache you must disable caching when the Password Protected cookie is set."
68
  msgstr ""
69
 
70
+ #: ../admin/admin-caching.php:135
71
  #, php-format
72
  msgid "You can adjust the cookie settings for W3 Total Cache under <a href=\"%s\">Performance > Page Cache > Advanced > Rejected Cookies</a>."
73
  msgstr ""
83
  msgid "Password Protected Plugin"
84
  msgstr ""
85
 
86
+ #: ../admin/admin.php:46 ../admin/admin.php:97
87
  msgid "Password Protected"
88
  msgstr ""
89
 
90
+ #: ../admin/admin.php:59
91
  msgid "Password Protected Settings"
92
  msgstr ""
93
 
94
+ #: ../admin/admin.php:65
95
  msgid "Save Changes"
96
  msgstr ""
97
 
98
+ #: ../admin/admin.php:98
99
  msgid "<p><strong>Password Protected Status</strong><br />Turn on/off password protection.</p>"
100
  msgstr ""
101
 
102
+ #: ../admin/admin.php:99
103
  msgid ""
104
  "<p><strong>Protected Permissions</strong><br />Allow access for logged in users and administrators without needing to enter a password. You will need to enable this option if you want administrators to be able to preview the site in "
105
  "the Theme Customizer. Also allow RSS Feeds to be accessed when the site is password protected.</p>"
106
  msgstr ""
107
 
108
+ #: ../admin/admin.php:100
109
  msgid "<p><strong>Password Fields</strong><br />To set a new password, enter it into both fields. You cannot set an `empty` password. To disable password protection uncheck the Enabled checkbox.</p>"
110
  msgstr ""
111
 
112
+ #: ../admin/admin.php:119
113
  msgid "Password Protected Status"
114
  msgstr ""
115
 
116
+ #: ../admin/admin.php:127
117
  msgid "Protected Permissions"
118
  msgstr ""
119
 
120
+ #: ../admin/admin.php:135
121
  msgid "New Password"
122
  msgstr ""
123
 
124
+ #: ../admin/admin.php:143
125
  msgid "Allow IP Addresses"
126
  msgstr ""
127
 
128
+ #: ../admin/admin.php:151
129
  msgid "Allow Remember me"
130
  msgstr ""
131
 
132
+ #: ../admin/admin.php:159
133
  msgid "Remember for this many days"
134
  msgstr ""
135
 
136
+ #: ../admin/admin.php:191
137
  msgid "New password not saved. When setting a new password please enter it in both fields."
138
  msgstr ""
139
 
140
+ #: ../admin/admin.php:194
141
  msgid "New password not saved. Password fields did not match."
142
  msgstr ""
143
 
144
+ #: ../admin/admin.php:197
145
  msgid "New password saved."
146
  msgstr ""
147
 
148
+ #: ../admin/admin.php:244
149
  msgid "Password protect your web site. Users will be asked to enter a password to view the site."
150
  msgstr ""
151
 
152
+ #: ../admin/admin.php:245
153
  msgid "For more information about Password Protected settings, view the \"Help\" tab at the top of this page."
154
  msgstr ""
155
 
156
+ #: ../admin/admin.php:254
157
  msgid "Enabled"
158
  msgstr ""
159
 
160
+ #: ../admin/admin.php:263
161
  msgid "Allow Administrators"
162
  msgstr ""
163
 
164
+ #: ../admin/admin.php:264
165
  msgid "Allow Logged In Users"
166
  msgstr ""
167
 
168
+ #: ../admin/admin.php:265
169
  msgid "Allow RSS Feeds"
170
  msgstr ""
171
 
172
+ #: ../admin/admin.php:266
173
  msgid "Allow REST API Access"
174
  msgstr ""
175
 
176
+ #: ../admin/admin.php:275
177
  msgid "If you would like to change the password type a new one. Otherwise leave this blank."
178
  msgstr ""
179
 
180
+ #: ../admin/admin.php:276
181
  msgid "Type your new password again."
182
  msgstr ""
183
 
184
+ #: ../admin/admin.php:287
185
  msgid "Enter one IP address per line."
186
  msgstr ""
187
 
188
+ #: ../admin/admin.php:289
189
  #, php-format
190
  msgid "Your IP is address %s."
191
  msgstr ""
192
 
193
+ #: ../admin/admin.php:350
194
  msgid "http://github.com/benhuson/password-protected"
195
  msgstr ""
196
 
197
+ #: ../admin/admin.php:350
198
  msgid "GitHub"
199
  msgstr ""
200
 
201
+ #: ../admin/admin.php:351
202
  msgid "https://translate.wordpress.org/projects/wp-plugins/password-protected"
203
  msgstr ""
204
 
205
+ #: ../admin/admin.php:351
206
  msgid "Translate"
207
  msgstr ""
208
 
209
+ #: ../admin/admin.php:368
210
  msgid "Settings"
211
  msgstr ""
212
 
213
+ #: ../admin/admin.php:396
214
  msgid "You have enabled password protection but not yet set a password. Please set one below."
215
  msgstr ""
216
 
217
+ #: ../admin/admin.php:401
218
  msgid "You have enabled password protection and allowed administrators and logged in users - other users will still need to enter a password to view the site."
219
  msgstr ""
220
 
221
+ #: ../admin/admin.php:403
222
  msgid "You have enabled password protection and allowed administrators - other users will still need to enter a password to view the site."
223
  msgstr ""
224
 
225
+ #: ../admin/admin.php:405
226
  msgid "You have enabled password protection and allowed logged in users - other users will still need to enter a password to view the site."
227
  msgstr ""
228
+
229
+ #: ../password-protected.php:165
230
+ #, php-format
231
+ msgid "Feeds are not available for this site. Please visit the <a href=\"%s\">website</a>."
232
+ msgstr ""
233
+
234
+ #: ../password-protected.php:324
235
+ msgid "Incorrect Password"
236
+ msgstr ""
237
+
238
+ #: ../password-protected.php:462 ../password-protected.php:466
239
+ msgid "Logout"
240
+ msgstr ""
241
+
242
+ #: ../password-protected.php:808
243
+ msgid "Only authenticated users can access the REST API."
244
+ msgstr ""
245
+
246
+ #: ../theme/password-protected-login.php:53
247
+ msgid "<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."
248
+ msgstr ""
249
+
250
+ #: ../theme/password-protected-login.php:120
251
+ msgid "Password"
252
+ msgstr ""
253
+
254
+ #: ../theme/password-protected-login.php:126
255
+ msgid "Remember Me"
256
+ msgstr ""
257
+
258
+ #: ../theme/password-protected-login.php:131
259
+ msgid "Log In"
260
+ msgstr ""
password-protected.php CHANGED
@@ -4,7 +4,7 @@
4
  Plugin Name: Password Protected
5
  Plugin URI: https://wordpress.org/plugins/password-protected/
6
  Description: A very simple way to quickly password protect your WordPress site with a single password. Please note: This plugin does not restrict access to uploaded files and images and does not work with some caching setups.
7
- Version: 2.3
8
  Author: Ben Huson
9
  Text Domain: password-protected
10
  Author URI: http://github.com/benhuson/password-protected/
@@ -72,6 +72,11 @@ class Password_Protected {
72
  add_action( 'password_protected_login_messages', array( $this, 'login_messages' ) );
73
  add_action( 'login_enqueue_scripts', array( $this, 'load_theme_stylesheet' ), 5 );
74
 
 
 
 
 
 
75
  add_shortcode( 'password_protected_logout_link', array( $this, 'logout_link_shortcode' ) );
76
 
77
  include_once( dirname( __FILE__ ) . '/admin/admin-bar.php' );
@@ -278,7 +283,7 @@ class Password_Protected {
278
  $this->logout();
279
 
280
  if ( isset( $_REQUEST['redirect_to'] ) ) {
281
- $redirect_to = esc_url_raw( $_REQUEST['redirect_to'], array( 'http', 'https' ) );
282
  } else {
283
  $redirect_to = home_url( '/' );
284
  }
@@ -313,7 +318,10 @@ class Password_Protected {
313
  $redirect_to = apply_filters( 'password_protected_login_redirect', $redirect_to );
314
 
315
  if ( ! empty( $redirect_to ) ) {
316
- $this->safe_redirect( $redirect_to );
 
 
 
317
  exit;
318
  }
319
 
@@ -384,6 +392,7 @@ class Password_Protected {
384
  $redirect_to = add_query_arg( 'redirect_to', urlencode( $redirect_to_url ), $redirect_to );
385
  }
386
 
 
387
  wp_redirect( $redirect_to );
388
  exit();
389
 
4
  Plugin Name: Password Protected
5
  Plugin URI: https://wordpress.org/plugins/password-protected/
6
  Description: A very simple way to quickly password protect your WordPress site with a single password. Please note: This plugin does not restrict access to uploaded files and images and does not work with some caching setups.
7
+ Version: 2.4
8
  Author: Ben Huson
9
  Text Domain: password-protected
10
  Author URI: http://github.com/benhuson/password-protected/
72
  add_action( 'password_protected_login_messages', array( $this, 'login_messages' ) );
73
  add_action( 'login_enqueue_scripts', array( $this, 'load_theme_stylesheet' ), 5 );
74
 
75
+ // Available from WordPress 4.3+
76
+ if ( function_exists( 'wp_site_icon' ) ) {
77
+ add_action( 'password_protected_login_head', 'wp_site_icon' );
78
+ }
79
+
80
  add_shortcode( 'password_protected_logout_link', array( $this, 'logout_link_shortcode' ) );
81
 
82
  include_once( dirname( __FILE__ ) . '/admin/admin-bar.php' );
283
  $this->logout();
284
 
285
  if ( isset( $_REQUEST['redirect_to'] ) ) {
286
+ $redirect_to = remove_query_arg( 'password-protected', esc_url_raw( $_REQUEST['redirect_to'], array( 'http', 'https' ) ) );
287
  } else {
288
  $redirect_to = home_url( '/' );
289
  }
318
  $redirect_to = apply_filters( 'password_protected_login_redirect', $redirect_to );
319
 
320
  if ( ! empty( $redirect_to ) ) {
321
+ $this->safe_redirect( remove_query_arg( 'password-protected', $redirect_to ) );
322
+ exit;
323
+ } elseif ( isset( $_GET['password_protected_pwd'] ) ) {
324
+ $this->safe_redirect( remove_query_arg( 'password-protected' ) );
325
  exit;
326
  }
327
 
392
  $redirect_to = add_query_arg( 'redirect_to', urlencode( $redirect_to_url ), $redirect_to );
393
  }
394
 
395
+ nocache_headers();
396
  wp_redirect( $redirect_to );
397
  exit();
398
 
readme.txt CHANGED
@@ -3,9 +3,9 @@ Contributors: husobj
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DXRJDNCMK9U3N
4
  Tags: password, protect, password protect, login
5
  Requires at least: 4.6
6
- Tested up to: 5.4
7
  Requires PHP: 5.6
8
- Stable tag: 2.3
9
  License: GPLv2 or later
10
 
11
  A very simple way to quickly password protect your WordPress site with a single password.
@@ -79,7 +79,13 @@ If you would like to translate this plugin you can easily contribute at the [Tra
79
  2. Password Protected settings page.
80
 
81
  == Changelog ==
82
-
 
 
 
 
 
 
83
  = 2.3 =
84
  - Adds `password_protected_cookie_name` filter for the cookie name. Props [Jose Castaneda](https://github.com/jocastaneda).
85
  - Let developers override the capability needed to see the options page via a `password_protected_options_page_capability` filter. Props [Nicola Peluchetti](https://github.com/nicoladj77).
@@ -220,6 +226,9 @@ If you would like to translate this plugin you can easily contribute at the [Tra
220
 
221
  == Upgrade Notice ==
222
 
 
 
 
223
  = 2.3 =
224
  Fixed an issue with "testcookie" on some hosts. Added `password_protected_cookie_name` and `password_protected_options_page_capability` filters.
225
 
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DXRJDNCMK9U3N
4
  Tags: password, protect, password protect, login
5
  Requires at least: 4.6
6
+ Tested up to: 5.5.1
7
  Requires PHP: 5.6
8
+ Stable tag: 2.4
9
  License: GPLv2 or later
10
 
11
  A very simple way to quickly password protect your WordPress site with a single password.
79
  2. Password Protected settings page.
80
 
81
  == Changelog ==
82
+
83
+ = 2.4 =
84
+ - Add a Nocache header to the login page redirect to prevent the browser from caching the redirect page. Props [De'Yonte W.](https://github.com/rxnlabs)
85
+ - Remove ‘password-protected’ query from redirects on successful login or logout.
86
+ - Check "redirect_to" query var is set in hidden form field. Props [Matthias Kittsteiner](https://wordpress.org/support/users/kittmedia/).
87
+ - Add favicon to password protected login page.
88
+
89
  = 2.3 =
90
  - Adds `password_protected_cookie_name` filter for the cookie name. Props [Jose Castaneda](https://github.com/jocastaneda).
91
  - Let developers override the capability needed to see the options page via a `password_protected_options_page_capability` filter. Props [Nicola Peluchetti](https://github.com/nicoladj77).
226
 
227
  == Upgrade Notice ==
228
 
229
+ = 2.4 =
230
+ Fixes to help with caching issues and favicon on login page.
231
+
232
  = 2.3 =
233
  Fixed an issue with "testcookie" on some hosts. Added `password_protected_cookie_name` and `password_protected_options_page_capability` filters.
234
 
theme/password-protected-login.php CHANGED
@@ -131,7 +131,7 @@ do_action( 'password_protected_login_head' );
131
  <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In' ); ?>" tabindex="100" />
132
  <input type="hidden" name="password_protected_cookie_test" value="1" />
133
  <input type="hidden" name="password-protected" value="login" />
134
- <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $_REQUEST['redirect_to'] ); ?>" />
135
  </p>
136
  </form>
137
 
131
  <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In' ); ?>" tabindex="100" />
132
  <input type="hidden" name="password_protected_cookie_test" value="1" />
133
  <input type="hidden" name="password-protected" value="login" />
134
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr( ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' ); ?>" />
135
  </p>
136
  </form>
137