WordPress.org

Make WordPress Core


Ignore:
Timestamp:
10/08/2015 03:04:41 AM (6 years ago)
Author:
johnbillion
Message:

Correctly set the secure flag for the test cookie based on the login URL scheme, and the same for the user settings cookies based on the admin URL scheme.

Fixes #34159

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/option.php

    r34912 r34931  
    813813
    814814    // The cookie is not set in the current browser or the saved value is newer.
    815     $secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) );
     815    $secure = ( 'https' === parse_url( admin_url(), PHP_URL_SCHEME ) );
    816816    setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
    817817    setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
Note: See TracChangeset for help on using the changeset viewer.