Timestamp:
08/13/2014 02:46:18 AM (10 years ago)
Author:
azaozz
Message:

Fix the wp-settings-* cookies used in getUserSetting()/setUserSetting(). They should be set without COOKIE_DOMAIN to work properly for sub-domains. Fixes #29095.

File:
1 edited

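--- a/trunk/src/wp-includes/option.php
+++ b/trunk/src/wp-includes/option.php
@@ -727,8 +727,7 @@
 
     $settings = (string) get_user_option( 'user-settings', $user_id );
-    $uid = $user_id . '-' . get_current_blog_id();
-
-    if ( isset( $_COOKIE['wp-settings-' . $uid] ) ) {
-        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $uid] );
+
+    if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
+        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
 
         // No change or both empty
@@ -737,5 +736,5 @@
 
         $last_saved = (int) get_user_option( 'user-settings-time', $user_id );
-        $current = isset( $_COOKIE['wp-settings-time-' . $uid]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $uid] ) : 0;
+        $current = isset( $_COOKIE['wp-settings-time-' . $user_id]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user_id] ) : 0;
 
         // The cookie is newer than the saved value. Update the user_option and leave the cookie as-is
@@ -749,7 +748,7 @@
     // The cookie is not set in the current browser or the saved value is newer.
     $secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) );
-    setcookie( 'wp-settings-' . $uid, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
-    setcookie( 'wp-settings-time-' . $uid, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
-    $_COOKIE['wp-settings-' . $uid] = $settings;
+    setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
+    setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
+    $_COOKIE['wp-settings-' . $user_id] = $settings;
 }
 
@@ -847,18 +846,17 @@
 
     $user_settings = array();
-    $uid = $user_id . '-' . get_current_blog_id();
-
-    if ( isset( $_COOKIE['wp-settings-' . $uid] ) ) {
-        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $uid] );
-    } elseif ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
+
+    if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
         $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
-    }
-
-    if ( ! empty( $cookie ) && strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
-        parse_str( $cookie, $user_settings );
+
+        if ( strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
+            parse_str( $cookie, $user_settings );
+        }
     } else {
         $option = get_user_option( 'user-settings', $user_id );
-        if ( $option && is_string( $option ) )
+
+        if ( $option && is_string( $option ) ) {
             parse_str( $option, $user_settings );
+        }
     }
 
@@ -915,7 +913,6 @@
     }
 
-    $uid = $user_id . '-' . get_current_blog_id();
     update_user_option( $user_id, 'user-settings', '', false );
-    setcookie( 'wp-settings-' . $uid, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
+    setcookie( 'wp-settings-' . $user_id, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
 }
 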
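Review bot: In the hunk at new lines 849–861, a `wp-settings-` cookie that is set but holds no usable `key=value` pair now leaves `$user_settings` empty, because the stored `user-settings` option is read only in the `else` of the `isset()` test; the old code fell back to the option in that case. The cookie value is client-supplied, so a stale or malformed cookie should not be able to mask the stored settings. Consider closing the cookie branch and guarding the option read with `if ( empty( $user_settings ) ) {` instead of `} else {`. The enclosing function starts and ends outside the visible lines.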