
Changeset 45545


Timestamp:
06/17/2019 07:16:16 PM (5 months ago)
Author:
SergeyBiryukov
Message:

Bootstrap/Load: Set expiration of the recovery mode cookie to the same amount of time for which the token in it is valid: a week by default.

Props david.binda, TimothyBlynJacobs.
Fixes #47480.

File:
1 edited

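--- a/trunk/src/wp-includes/class-wp-recovery-mode-cookie-service.php
+++ b/trunk/src/wp-includes/class-wp-recovery-mode-cookie-service.php
@@ -35,52 +35,4 @@
 
         $value = $this->generate_cookie();
-
-        setcookie( RECOVERY_MODE_COOKIE, $value, 0, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
-
-        if ( COOKIEPATH !== SITECOOKIEPATH ) {
-            setcookie( RECOVERY_MODE_COOKIE, $value, 0, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
-        }
-    }
-
-    /**
-     * Clears the recovery mode cookie.
-     *
-     * @since 5.2.0
-     */
-    public function clear_cookie() {
-        setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
-        setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
-    }
-
-    /**
-     * Validates the recovery mode cookie.
-     *
-     * @since 5.2.0
-     *
-     * @param string $cookie Optionally specify the cookie string.
-     *                       If omitted, it will be retrieved from the super global.
-     * @return true|WP_Error True on success, error object on failure.
-     */
-    public function validate_cookie( $cookie = '' ) {
-
-        if ( ! $cookie ) {
-            if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) {
-                return new WP_Error( 'no_cookie', __( 'No cookie present.' ) );
-            }
-
-            $cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ];
-        }
-
-        $parts = $this->parse_cookie( $cookie );
-
-        if ( is_wp_error( $parts ) ) {
-            return $parts;
-        }
-
-        list( , $created_at, $random, $signature ) = $parts;
-
-        if ( ! ctype_digit( $created_at ) ) {
-            return new WP_Error( 'invalid_created_at', __( 'Invalid cookie format.' ) );
-        }
 
         /**
@@ -92,4 +44,56 @@
          */
         $length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS );
+        $expire = time() + $length;
+
+        setcookie( RECOVERY_MODE_COOKIE, $value, $expire, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
+
+        if ( COOKIEPATH !== SITECOOKIEPATH ) {
+            setcookie( RECOVERY_MODE_COOKIE, $value, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
+        }
+    }
+
+    /**
+     * Clears the recovery mode cookie.
+     *
+     * @since 5.2.0
+     */
+    public function clear_cookie() {
+        setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
+        setcookie( RECOVERY_MODE_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
+    }
+
+    /**
+     * Validates the recovery mode cookie.
+     *
+     * @since 5.2.0
+     *
+     * @param string $cookie Optionally specify the cookie string.
+     *                       If omitted, it will be retrieved from the super global.
+     * @return true|WP_Error True on success, error object on failure.
+     */
+    public function validate_cookie( $cookie = '' ) {
+
+        if ( ! $cookie ) {
+            if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) {
+                return new WP_Error( 'no_cookie', __( 'No cookie present.' ) );
+            }
+
+            $cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ];
+        }
+
+        $parts = $this->parse_cookie( $cookie );
+
+        if ( is_wp_error( $parts ) ) {
+            return $parts;
+        }
+
+        list( , $created_at, $random, $signature ) = $parts;
+
+        if ( ! ctype_digit( $created_at ) ) {
+            return new WP_Error( 'invalid_created_at', __( 'Invalid cookie format.' ) );
+        }
+
+        /** This filter is documented in wp-includes/class-wp-recovery-mode-cookie-service.php */
+        $length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS );
 
         if ( time() > $created_at + $length ) {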
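Review bot: The value returned by the `recovery_mode_cookie_length` filter goes straight into arithmetic, both in the new `$expire = time() + $length;` and in the existing `time() > $created_at + $length` check, without being normalised. A callback that returns a non-numeric, zero or negative value would give an expiry at or before the current time, so the browser discards the cookie immediately, or make validation reject every token. Casting at both call sites, `$length = (int) apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS );`, keeps the cookie lifetime and the token lifetime in step. Because the expiry changes from `0` to `$expire`, the signed token is now a persistent cookie rather than a session cookie. The method docblock should say so, and say that the browser-side expiry is only advisory: the `$created_at` check in `validate_cookie()` remains the enforcement. The start of the cookie-setting method and the rest of `validate_cookie()` lie outside the lines shown.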