Context Navigation

Changeset 34932

Timestamp:

10/08/2015 03:08:05 AM (8 years ago)

Author:

johnbillion

Message:

Correctly set the secure flag on the post password cookie based on the scheme of the referring URL, if it's available, instead of the home URL.

File:

-                      r34931
+                      r34932
      */
     $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
+    $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
+    $referer = wp_get_referer();
+    if ( $referer ) {
+        $secure = ( 'https' === parse_url( $referer, PHP_URL_SCHEME ) );
+    } else {
+        $secure = false;
+    }
     setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );

Note: See TracChangeset for help on using the changeset viewer.