Ticket #28427: 28427.diff

File 28427.diff, 3.7 KB (added by johnbillion, 6 years ago)
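--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -423,9 +423,10 @@
 }
 
 //Set a cookie now to see if they are supported by the browser.
-setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
+$secure = ( is_https( home_url() ) and is_https( site_url() ) );
+setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
 if ( SITECOOKIEPATH != COOKIEPATH )
-        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
+        setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
 
 /**
  * Fires when the login form is initialized.
@@ -464,7 +465,8 @@
          * @param int $expires The expiry time, as passed to setcookie().
          */
         $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
-        setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
+        $secure = is_https( home_url() );
+        setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
 
         wp_safe_redirect( wp_get_referer() );
         exit();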
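Review bot: The new `wp-postpass_` call passes `COOKIE_DOMAIN` where the old call passed no domain at all, so on installs that define `COOKIE_DOMAIN` as a parent domain the hashed post password cookie would stop being host-only and would also be sent to sibling hosts. The same argument is newly added to the `wp-settings-*` calls in both src/wp-includes/option.php hunks, where cookies written before the change would keep their old host-only scope, so the expiring `setcookie()` there may not clear them. If only the Secure attribute is intended, passing `''` in the domain position instead of `COOKIE_DOMAIN` keeps the previous scope. The enclosing block starts above this hunk, and the value of `COOKIE_DOMAIN` is not visible here.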
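--- a/src/wp-includes/option.php
+++ b/src/wp-includes/option.php
@@ -744,8 +744,9 @@
         }
 
         // The cookie is not set in the current browser or the saved value is newer.
-        setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
-        setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
+        $secure = ( is_https( site_url() ) );
+        setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
+        setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
         $_COOKIE['wp-settings-' . $user_id] = $settings;
 }
 
@@ -898,7 +899,8 @@
                 return;
 
         update_user_option( $user_id, 'user-settings', '', false );
-        setcookie('wp-settings-' . $user_id, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH);
+        $secure = ( is_https( site_url() ) );
+        setcookie( 'wp-settings-' . $user_id, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
 }
 
 /**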
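Review bot: `$secure = ( is_https( site_url() ) );` decides the Secure attribute for cookies that are keyed by user id and scoped to `SITECOOKIEPATH`, which suggests they serve the logged-in admin side rather than the public site. If an install forces the admin over HTTPS while the site URL is http, these cookies would still be issued without Secure; basing the check on the admin URL, `$secure = is_https( admin_url() );`, or on the current request via `is_ssl()`, would track the scheme the cookie actually travels over. `is_https()` is not defined in any section shown here, so how it treats its argument should be confirmed. The same line appears in the second hunk, and both functions start outside their hunks.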
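--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@@ -709,9 +709,10 @@
          * @param int $seconds Comment cookie lifetime. Default 30000000.
          */
         $comment_cookie_lifetime = apply_filters( 'comment_cookie_lifetime', 30000000 );
-        setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
-        setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
-        setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
+        $secure = is_https( get_permalink( $comment->comment_post_ID ) );
+        setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+        setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+        setcookie( 'comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
 }
 
 /**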
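Review bot: The three `comment_author_*` cookies carry the commenter's name, e-mail address and URL for the lifetime given by `comment_cookie_lifetime`, and the new calls stop at `$secure` without setting HttpOnly. If no front-end script reads them, add `true` as the seventh argument, e.g. `setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure, true );`; the `wp-postpass_` cookie in src/wp-login.php could take the same flag. It is also worth confirming what `is_https()` returns when `get_permalink()` yields no URL for `$comment->comment_post_ID`, since `is_https()` is not defined in the sections shown. The function begins above the hunk.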