WordPress.org

Make WordPress Core

Changeset 17227


Ignore:
Timestamp:
01/06/11 04:08:23 (3 years ago)
Author:
ryan
Message:

Add some cookie filters to allow plugins more control over SSL cookie delivery. see #15330

Location:
trunk/wp-includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/pluggable.php

    r16907 r17227  
    672672        $secure = is_ssl(); 
    673673 
     674    $secure = apply_filters('secure_auth_cookie', $secure, $user_id); 
     675    $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure); 
     676 
    674677    if ( $secure ) { 
    675678        $auth_cookie_name = SECURE_AUTH_COOKIE; 
     
    690693        setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); 
    691694        setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); 
    692         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true); 
     695        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true); 
    693696        if ( COOKIEPATH != SITECOOKIEPATH ) 
    694             setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true); 
     697            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true); 
    695698    } else { 
    696699        $cookie_domain = COOKIE_DOMAIN; 
     
    699702        setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure); 
    700703        setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure); 
    701         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain); 
     704        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain, $secure_logged_in_cookie); 
    702705        if ( COOKIEPATH != SITECOOKIEPATH ) 
    703             setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain); 
     706            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain, $secure_logged_in_cookie); 
    704707    } 
    705708} 
     
    764767 
    765768    $secure = ( is_ssl() || force_ssl_admin() ); 
     769 
     770    $secure = apply_filters('secure_auth_redirect', $secure); 
    766771 
    767772    // If https is required and request is http, redirect 
  • trunk/wp-includes/user.php

    r17198 r17227  
    4343    if ( '' === $secure_cookie ) 
    4444        $secure_cookie = is_ssl(); 
     45 
     46    $secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, $credentials); 
    4547 
    4648    global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie 
Note: See TracChangeset for help on using the changeset viewer.