WordPress.org

Make WordPress Core

Changeset 8808


Ignore:
Timestamp:
09/04/2008 07:55:30 PM (10 years ago)
Author:
ryan
Message:

HttpOnly for PHP < 5.2. Props _ck_. see #7677

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/pluggable.php

    r8798 r8808  
    643643            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
    644644    } else {
    645         setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure);
    646         setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure);
    647         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
     645        setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN . '; HttpOnly', $secure);
     646        setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN . '; HttpOnly', $secure);
     647        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN . '; HttpOnly');
    648648        if ( COOKIEPATH != SITECOOKIEPATH )
    649             setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
     649            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN . '; HttpOnly'); 
    650650    }
    651651}
Note: See TracChangeset for help on using the changeset viewer.