WordPress.org

Make WordPress Core

Ticket #7677: 7677.diff

File 7677.diff, 1.8 KB (added by ryan, 6 years ago)
  • wp-includes/pluggable.php

     
    634634        do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme); 
    635635        do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in'); 
    636636 
    637         setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure); 
    638         setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure); 
    639         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN); 
    640         if ( COOKIEPATH != SITECOOKIEPATH ) 
    641                 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN); 
     637        // Set httponly if the php version is >= 5.2.0 
     638        if ( version_compare(phpversion(), '5.2.0', 'ge') ) { 
     639                setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); 
     640                setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); 
     641                setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true); 
     642                if ( COOKIEPATH != SITECOOKIEPATH ) 
     643                        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true); 
     644        } else { 
     645                setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure); 
     646                setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure); 
     647                setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN); 
     648                if ( COOKIEPATH != SITECOOKIEPATH ) 
     649                        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);  
     650        } 
    642651} 
    643652endif; 
    644653