Make WordPress Core

Changeset 8190


Ignore:
Timestamp:
06/24/2008 10:19:27 PM (17 years ago)
Author:
ryan
Message:

SSL fixes. see #7001

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/async-upload.php

    r8023 r8190  
    1111
    1212// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
    13 if ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
     13if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
     14    $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
     15elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
    1416    $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
    1517unset($current_user);
  • trunk/wp-admin/includes/media.php

    r8189 r8190  
    851851            post_params : {
    852852                "post_id" : "<?php echo $post_id; ?>",
    853                 "auth_cookie" : "<?php echo $_COOKIE[AUTH_COOKIE]; ?>",
     853                "auth_cookie" : "<?php if ( is_ssl() ) echo $_COOKIE[SECURE_AUTH_COOKIE]; else echo $_COOKIE[AUTH_COOKIE]; ?>",
    854854                "_wpnonce" : "<?php echo wp_create_nonce('media-form'); ?>",
    855855                "type" : "<?php echo $type; ?>",
  • trunk/wp-includes/pluggable.php

    r8164 r8190  
    590590    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
    591591
    592     do_action('set_auth_cookie', $auth_cookie, $expire, $scheme);
    593     do_action('set_auth_cookie', $logged_in_cookie, $expire, 'logged_in');
     592    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
     593    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
    594594
    595595    setcookie($auth_cookie_name, $auth_cookie, $expire, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure);
  • trunk/wp-login.php

    r8069 r8190  
    412412        $redirect_to = 'wp-admin/';
    413413
    414     if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) )
     414    if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
    415415        $secure_cookie = false;
    416416    else
Note: See TracChangeset for help on using the changeset viewer.