WordPress.org

Make WordPress Core


Ignore:
Timestamp:
09/10/2015 10:41:08 PM (6 years ago)
Author:
johnbillion
Message:

Set the secure flag on the wp-saving-post cookie when using HTTPS.

This cookie doesn't contain any sensitive information, but this change brings its behaviour in line with all other core cookies.

Fixes #31056

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/post.php

    r34020 r34027  
    191191    // Session cookie flag that the post was saved
    192192    if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) {
    193         setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS );
     193        setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl() );
    194194    }
    195195
Note: See TracChangeset for help on using the changeset viewer.