WordPress.org

Make WordPress Core

Changeset 17227


Ignore:
Timestamp:
01/06/2011 04:08:23 AM (11 years ago)
Author:
ryan
Message:

Add some cookie filters to allow plugins more control over SSL cookie delivery. see #15330

Location:
trunk/wp-includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/pluggable.php

    r16907 r17227  
    672672        $secure = is_ssl();
    673673
     674    $secure = apply_filters('secure_auth_cookie', $secure, $user_id);
     675    $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);
     676
    674677    if ( $secure ) {
    675678        $auth_cookie_name = SECURE_AUTH_COOKIE;
     
    690693        setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
    691694        setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
    692         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true);
     695        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    693696        if ( COOKIEPATH != SITECOOKIEPATH )
    694             setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
     697            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    695698    } else {
    696699        $cookie_domain = COOKIE_DOMAIN;
     
    699702        setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
    700703        setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
    701         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain);
     704        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
    702705        if ( COOKIEPATH != SITECOOKIEPATH )
    703             setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain);
     706            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
    704707    }
    705708}
     
    764767
    765768    $secure = ( is_ssl() || force_ssl_admin() );
     769
     770    $secure = apply_filters('secure_auth_redirect', $secure);
    766771
    767772    // If https is required and request is http, redirect
  • trunk/wp-includes/user.php

    r17198 r17227  
    4343    if ( '' === $secure_cookie )
    4444        $secure_cookie = is_ssl();
     45
     46    $secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, $credentials);
    4547
    4648    global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
Note: See TracChangeset for help on using the changeset viewer.