
Changeset 29478


Timestamp:
08/13/2014 02:46:18 AM (10 years ago)
Author:
azaozz
Message:

Fix the wp-settings-* cookies used in getUserSetting()/setUserSetting(). They should be set without COOKIE_DOMAIN to work properly for sub-domains. Fixes #29095.

Location:
trunk/src/wp-includes
Files:
3 edited

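--- a/trunk/src/wp-includes/js/utils.js
+++ b/trunk/src/wp-includes/js/utils.js
@@ -129,6 +129,6 @@
      * This is done by setting it to an empty value and setting the expiration time in the past.
      */
-    remove: function( name, path ) {
-        this.set( name, '', -1000, path );
+    remove: function( name, path, domain, secure ) {
+        this.set( name, '', -1000, path, domain, secure );
     }
 };
@@ -158,7 +158,7 @@
 
     var uid = userSettings.uid,
-        oldUid = uid.lastIndexOf('-') > 0 ? uid.substring( 0, uid.lastIndexOf('-') ) : 0,
         settings = wpCookies.getHash( 'wp-settings-' + uid ),
-        path = userSettings.url;
+        path = userSettings.url,
+        secure = !! userSettings.secure;
 
     name = name.toString().replace( /[^A-Za-z0-9_]/, '' );
@@ -168,15 +168,4 @@
     } else {
         value = value.toString().replace( /[^A-Za-z0-9_]/, '' );
-    }
-
-    if ( oldUid ) {
-        if ( ! settings ) {
-            settings = wpCookies.getHash( 'wp-settings-' + oldUid );
-        }
-        // Delete old cookies
-        if ( wpCookies.get( 'wp-settings-time-' + oldUid ) ) {
-            wpCookies.remove( 'wp-settings-' + oldUid, path );
-            wpCookies.remove( 'wp-settings-time-' + oldUid, path );
-        }
     }
 
@@ -189,6 +178,6 @@
     }
 
-    wpCookies.setHash( 'wp-settings-' + uid, settings, 31536000, path );
-    wpCookies.set( 'wp-settings-time-' + uid, userSettings.time, 31536000, path );
+    wpCookies.setHash( 'wp-settings-' + uid, settings, 31536000, path, '', secure );
+    wpCookies.set( 'wp-settings-time-' + uid, userSettings.time, 31536000, path, '', secure );
 
     return name;
@@ -205,13 +194,4 @@
     }
 
-    var uid = userSettings.uid,
-        settings = wpCookies.getHash( 'wp-settings-' + uid );
-
-    // Try the old format cookie
-    if ( ! settings && uid.lastIndexOf('-') > 0 ) {
-        uid = uid.substring( 0, uid.lastIndexOf('-') );
-        settings = wpCookies.getHash( 'wp-settings-' + uid );
-    }
-
-    return settings || {};
+    return wpCookies.getHash( 'wp-settings-' + userSettings.uid ) || {};
 }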
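Review bot: The two sanitising calls kept as context in what appears to be setUserSetting(), `name.toString().replace( /[^A-Za-z0-9_]/, '' )` (new line 164) and the matching call on `value` (new line 169), use a regex without the `g` flag, so only the first character outside the allowed set is stripped before the pair is written into the `wp-settings-*` cookie. The PHP readers in option.php filter the whole cookie with `preg_replace`, which replaces every match, so the client and the server can disagree about what was stored. I would make both calls global, e.g. `name = name.toString().replace( /[^A-Za-z0-9_]/g, '' );`. The function starts and ends outside the hunks shown, so this rests on the visible lines only.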
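--- a/trunk/src/wp-includes/option.php
+++ b/trunk/src/wp-includes/option.php
@@ -727,8 +727,7 @@
 
     $settings = (string) get_user_option( 'user-settings', $user_id );
-    $uid = $user_id . '-' . get_current_blog_id();
-
-    if ( isset( $_COOKIE['wp-settings-' . $uid] ) ) {
-        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $uid] );
+
+    if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
+        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
 
         // No change or both empty
@@ -737,5 +736,5 @@
 
         $last_saved = (int) get_user_option( 'user-settings-time', $user_id );
-        $current = isset( $_COOKIE['wp-settings-time-' . $uid]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $uid] ) : 0;
+        $current = isset( $_COOKIE['wp-settings-time-' . $user_id]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user_id] ) : 0;
 
         // The cookie is newer than the saved value. Update the user_option and leave the cookie as-is
@@ -749,7 +748,7 @@
     // The cookie is not set in the current browser or the saved value is newer.
     $secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) );
-    setcookie( 'wp-settings-' . $uid, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
-    setcookie( 'wp-settings-time-' . $uid, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
-    $_COOKIE['wp-settings-' . $uid] = $settings;
+    setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
+    setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
+    $_COOKIE['wp-settings-' . $user_id] = $settings;
 }
 
@@ -847,18 +846,17 @@
 
     $user_settings = array();
-    $uid = $user_id . '-' . get_current_blog_id();
-
-    if ( isset( $_COOKIE['wp-settings-' . $uid] ) ) {
-        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $uid] );
-    } elseif ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
+
+    if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
         $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
-    }
-
-    if ( ! empty( $cookie ) && strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
-        parse_str( $cookie, $user_settings );
+
+        if ( strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
+            parse_str( $cookie, $user_settings );
+        }
     } else {
         $option = get_user_option( 'user-settings', $user_id );
-        if ( $option && is_string( $option ) )
+
+        if ( $option && is_string( $option ) ) {
             parse_str( $option, $user_settings );
+        }
     }
 
@@ -915,7 +913,6 @@
     }
 
-    $uid = $user_id . '-' . get_current_blog_id();
     update_user_option( $user_id, 'user-settings', '', false );
-    setcookie( 'wp-settings-' . $uid, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
+    setcookie( 'wp-settings-' . $user_id, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
 }
 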
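Review bot: In the hunk at new lines 849–861, a `wp-settings-<id>` cookie that is present but has no usable `key=value` content now leaves `$user_settings` empty, because the fallback to `get_user_option( 'user-settings', $user_id )` moved into the `else` of the `isset()` test. On the old side the stored option was still read whenever the sanitised cookie was empty or had no `=`. The cookie value comes from the browser, so a truncated or tampered value should not suppress the saved settings. One way to keep the fallback is to close the cookie branch with `}` and guard the option lookup with `if ( empty( $user_settings ) ) {` instead of `} else {`. The enclosing function begins and ends outside the hunk.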
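--- a/trunk/src/wp-includes/script-loader.php
+++ b/trunk/src/wp-includes/script-loader.php
@@ -73,6 +73,7 @@
     did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array(
         'url' => (string) SITECOOKIEPATH,
-        'uid' => get_current_user_id() . '-' . get_current_blog_id(),
+        'uid' => (string) get_current_user_id(),
         'time' => (string) time(),
+        'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ),
     ) );
 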
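Review bot: The new `'secure'` entry (new line 77) is a boolean cast to a string, so the script receives `'1'` or `''`, and utils.js turns that back into a boolean with `!! userSettings.secure`; nothing on the line documents that contract. Any other spelling of false, such as `'0'` or `'false'`, would read as true on the client and mark the cookie Secure on a plain-HTTP site. A short comment would make this explicit, for example `// '1' or '' — utils.js coerces this with !!, so false must stay the empty string.` The same scheme test also appears in option.php as `$secure`, so the two copies have to stay in step.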