WordPress.org

Make WordPress Core

Changeset 28627


Ignore:
Timestamp:
05/30/2014 03:07:18 PM (7 years ago)
Author:
nacin
Message:

Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954).

see #15330.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r28425 r28627  
    819819    }
    820820
    821     if ( '' === $secure )
     821    if ( '' === $secure ) {
    822822        $secure = is_ssl();
     823    }
     824
     825    // Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
     826    $secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME );
    823827
    824828    /**
     
    841845     * @param bool $secure  Whether the connection is secure.
    842846     */
    843     $secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', false, $user_id, $secure );
     847    $secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
    844848
    845849    if ( $secure ) {
Note: See TracChangeset for help on using the changeset viewer.