WordPress.org

Make WordPress Core

Ticket #29641: 29641.diff

File 29641.diff, 763 bytes (added by johnbillion, 6 years ago)
  • src/wp-login.php

     
    491491         * @param int $expires The expiry time, as passed to setcookie().
    492492         */
    493493        $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
    494         $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
     494        $referer = wp_get_referer();
     495        if ( $referer ) {
     496                $secure = ( 'https' === parse_url( $referer, PHP_URL_SCHEME ) );
     497        } else {
     498                $secure = false;
     499        }
    495500        setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
    496501
    497502        wp_safe_redirect( wp_get_referer() );