Ticket #41937: 41937.2.patch

src/wp-includes/default-constants.php

@@ -240 +240 @@
                 define('LOGGED_IN_COOKIE', 'wordpress_logged_in_' . COOKIEHASH);
 
         /**
+         * @since 4.9.2
+         */
+        if ( ! defined( 'SETTINGS_COOKIE' ) ) {
+                define( 'SETTINGS_COOKIE', 'wp-settings-' );
+        }
+
+        /**
+         * @since 4.9.2
+         */
+        if ( ! defined( 'SETTINGS_TIME_COOKIE' ) ) {
+                define( 'SETTINGS_TIME_COOKIE', 'wp-settings-time-' );
+        }
+
+        /**
          * @since 2.3.0
          */
         if ( !defined('TEST_COOKIE') )

src/wp-includes/js/utils.js

@@ -157 +157 @@
         }
 
         var uid = userSettings.uid,
-                settings = wpCookies.getHash( 'wp-settings-' + uid ),
+                settings = wpCookies.getHash( userSettings.settingsCookie + uid ),
                 path = userSettings.url,
                 secure = !! userSettings.secure;
 
@@ -177 +177 @@
                 settings[name] = value;
         }
 
-        wpCookies.setHash( 'wp-settings-' + uid, settings, 31536000, path, '', secure );
-        wpCookies.set( 'wp-settings-time-' + uid, userSettings.time, 31536000, path, '', secure );
+        wpCookies.setHash( userSettings.settingsCookie + uid, settings, 31536000, path, '', secure );
+        wpCookies.set( userSettings.settingsTimeCookie + uid, userSettings.time, 31536000, path, '', secure );
 
         return name;
 }

src/wp-includes/option.php

@@ -896 +896 @@
 
         $settings = (string) get_user_option( 'user-settings', $user_id );
 
-        if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
-                $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
+        if ( isset( $_COOKIE[ SETTINGS_COOKIE . $user_id ] ) ) {
+                $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE[ SETTINGS_COOKIE . $user_id ] );
 
                 // No change or both empty
                 if ( $cookie == $settings )
@@ -904 +904 @@
                         return;
 
                 $last_saved = (int) get_user_option( 'user-settings-time', $user_id );
-                $current = isset( $_COOKIE['wp-settings-time-' . $user_id]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user_id] ) : 0;
+                $current = isset( $_COOKIE[ SETTINGS_TIME_COOKIE . $user_id ] ) ? preg_replace( '/[^0-9]/', '', $_COOKIE[ SETTINGS_TIME_COOKIE . $user_id ] ) : 0;
 
                 // The cookie is newer than the saved value. Update the user_option and leave the cookie as-is
                 if ( $current > $last_saved ) {
@@ -916 +916 @@
 
         // The cookie is not set in the current browser or the saved value is newer.
         $secure = ( 'https' === parse_url( admin_url(), PHP_URL_SCHEME ) );
-        setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
-        setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
-        $_COOKIE['wp-settings-' . $user_id] = $settings;
+        setcookie( SETTINGS_COOKIE . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
+        setcookie( SETTINGS_TIME_COOKIE . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
+        $_COOKIE[ SETTINGS_COOKIE . $user_id ] = $settings;
 }
 
 /**
@@ -1017 +1017 @@
 
         $user_settings = array();
 
-        if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
-                $cookie = preg_replace( '/[^A-Za-z0-9=&_-]/', '', $_COOKIE['wp-settings-' . $user_id] );
+        if ( isset( $_COOKIE[ SETTINGS_COOKIE . $user_id ] ) ) {
+                $cookie = preg_replace( '/[^A-Za-z0-9=&_-]/', '', $_COOKIE[ SETTINGS_COOKIE . $user_id ] );
 
                 if ( strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
                         parse_str( $cookie, $user_settings );
@@ -1088 +1088 @@
         }
 
         update_user_option( $user_id, 'user-settings', '', false );
-        setcookie( 'wp-settings-' . $user_id, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
+        setcookie( SETTINGS_COOKIE . $user_id, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
 }
 
 /**

src/wp-includes/pluggable.php

@@ -953 +953 @@
         setcookie( LOGGED_IN_COOKIE,   ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH,      COOKIE_DOMAIN );
 
         // Settings cookies
-        setcookie( 'wp-settings-' . get_current_user_id(),      ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
-        setcookie( 'wp-settings-time-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
+        setcookie( SETTINGS_COOKIE . get_current_user_id(),      ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
+        setcookie( SETTINGS_TIME_COOKIE . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
 
         // Old cookies
         setcookie( AUTH_COOKIE,        ' ', time() - YEAR_IN_SECONDS, COOKIEPATH,     COOKIE_DOMAIN );

src/wp-includes/script-loader.php

@@ -73 +73 @@
                 'uid' => (string) get_current_user_id(),
                 'time' => (string) time(),
                 'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ),
+                'settingsCookie' => (string) SETTINGS_COOKIE,
+                'settingsTimeCookie' => (string) SETTINGS_TIME_COOKIE,
         ) );
 
         $scripts->add( 'common', "/wp-admin/js/common$suffix.js", array('jquery', 'hoverIntent', 'utils'), false, 1 );