WordPress.org

Make WordPress Core

Changeset 34931


Ignore:
Timestamp:
10/08/2015 03:04:41 AM (6 years ago)
Author:
johnbillion
Message:

Correctly set the secure flag for the test cookie based on the login URL scheme, and the same for the user settings cookies based on the admin URL scheme.

Fixes #34159

Location:
trunk/src
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/option.php

    r34912 r34931  
    813813
    814814    // The cookie is not set in the current browser or the saved value is newer.
    815     $secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) );
     815    $secure = ( 'https' === parse_url( admin_url(), PHP_URL_SCHEME ) );
    816816    setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
    817817    setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
  • trunk/src/wp-login.php

    r34923 r34931  
    394394
    395395//Set a cookie now to see if they are supported by the browser.
    396 $secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) && 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
     396$secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) );
    397397setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
    398398if ( SITECOOKIEPATH != COOKIEPATH )
Note: See TracChangeset for help on using the changeset viewer.