Ticket #28427: 28427.2.diff

File 28427.2.diff, 3.4 KB (added by johnbillion, 6 years ago)
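--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -422,9 +422,10 @@
 }
 
 //Set a cookie now to see if they are supported by the browser.
-setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
+$secure = ( is_https_url( home_url() ) && is_https_url( site_url() ) );
+setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
 if ( SITECOOKIEPATH != COOKIEPATH )
-        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
+        setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
 
 /**
  * Fires when the login form is initialized.
@@ -463,7 +464,8 @@
          * @param int $expires The expiry time, as passed to setcookie().
          */
         $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
-        setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
+        $secure = is_https_url( home_url() );
+        setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
 
         wp_safe_redirect( wp_get_referer() );
         exit();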
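Review bot: `is_https_url()` is called in both hunks of wp-login.php (and again in the option.php and comment.php sections), but none of the three files in this patch defines it, so unless it already exists elsewhere in core the login page will fatal on an undefined function. Either add the helper to the patch or use what is already available, e.g. `$secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );`. In the second hunk the `wp-postpass_` cookie carries a hash of the post password and the call stops at six arguments, which leaves HttpOnly off; if no script needs to read that cookie, end the call with `COOKIE_DOMAIN, $secure, true );`. Both hunks sit inside code that starts and ends outside what is shown.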
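--- a/src/wp-includes/option.php
+++ b/src/wp-includes/option.php
@@ -746,8 +746,9 @@
         }
 
         // The cookie is not set in the current browser or the saved value is newer.
-        setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
-        setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
+        $secure = is_https_url( site_url() );
+        setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
+        setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
         $_COOKIE['wp-settings-' . $user_id] = $settings;
 }
 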
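Review bot: Setting Secure on the two `wp-settings-` cookies only holds if every writer of those cookies sets the same flag, and this patch changes the PHP writer alone. As far as I know the same cookies are also written from script (`setUserSetting` in `wp-includes/js/utils.js`); if that path omits the secure flag, the next client-side update on an HTTPS page re-issues the cookie without Secure, so it is worth confirming and matching the flag there. Because those scripts read the cookies, HttpOnly presumably has to stay off here; a comment such as `// HttpOnly is left off on purpose: admin scripts read these cookies.` would record that. The enclosing function starts outside the hunk.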
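--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@@ -718,9 +718,10 @@
          * @param int $seconds Comment cookie lifetime. Default 30000000.
          */
         $comment_cookie_lifetime = apply_filters( 'comment_cookie_lifetime', 30000000 );
-        setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
-        setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
-        setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
+        $secure = is_https_url( home_url() );
+        setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+        setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+        setcookie( 'comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
 }
 
 /**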
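Review bot: On the new `comment_author_url_` line the inner call is still written `esc_url($comment->comment_author_url)` although the rest of the line was re-spaced to the coding standard; make it `esc_url( $comment->comment_author_url )`. These three cookies hold the commenter's name, e-mail address and URL, so a one-line comment above `$secure`, such as `// Mark commenter cookies Secure only when the front end is served over HTTPS.`, would record why the flag follows `home_url()` rather than the scheme of the current request. The enclosing function begins outside the hunk.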