
Ticket #16920: 16920.5.patch

File 16920.5.patch, 2.1 KB (added by hakre, 9 years ago)

setcookie() has httponly parameter now

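--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -688,23 +688,11 @@
         do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
         do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
 
-        // Set httponly if the php version is >= 5.2.0
-        if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
-                setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
-                setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
-                setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
-                if ( COOKIEPATH != SITECOOKIEPATH )
-                        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
-        } else {
-                $cookie_domain = COOKIE_DOMAIN;
-                if ( !empty($cookie_domain) )
-                        $cookie_domain .= '; HttpOnly';
-                setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
-                setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
-                setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
-                if ( COOKIEPATH != SITECOOKIEPATH )
-                        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
-        }
+        setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
+        setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
+        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
+        if ( COOKIEPATH != SITECOOKIEPATH )
+                setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
 }
 endif;
 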
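Review bot: The four new `setcookie()` calls pass a bare `true` as the seventh argument, and the only comment that said this is the HttpOnly flag is removed along with the version check. I would keep a one-line comment above the first call, e.g. `// Seventh argument: HttpOnly, so scripts cannot read the auth cookies via document.cookie.`, so a later edit does not drop or reorder the flag unnoticed. HttpOnly does not affect transport: whether these cookies travel over plain HTTP still depends on `$secure` and `$secure_logged_in_cookie`, which are set outside this hunk. The enclosing function starts above the hunk, so the minimum-PHP assumption behind dropping the fallback cannot be checked from here.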