WordPress.org

Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#7521 closed defect (bug) (fixed)

wp_validate_auth_cookie ignore $scheme parameter when $cookie value is empty

Reported by: bendalton Owned by:
Milestone: 2.7 Priority: normal
Severity: major Version: 2.6
Component: General Keywords: bbPress cookie
Focuses: Cc:

Description

in pluggable.php, wp_validate_auth_cookie ignore $scheme parameter when $cookie value is empty. This breaks the use case when you want to validate a users cookie with the scheme 'logged_in'.

This breaks any plugins that use this functionality, specifically bbPress 1.0alpha.

Attachments (3)

patch.diff (896 bytes) - added by bendalton 10 years ago.
Fixes the function to use the $scheme parameter when validating user cookies
patch2.diff (1.3 KB) - added by bendalton 10 years ago.
Patch fixes bug but also preserves if_ssl() cookie name in the case that no $scheme is provided
2.7.diff (1.1 KB) - added by bendalton 10 years ago.
Patched to fix bug on most recent revision (8724)

Download all attachments as: .zip

Change History (12)

@bendalton
10 years ago

Fixes the function to use the $scheme parameter when validating user cookies

#1 @bendalton
10 years ago

  • Owner changed from Ben Dalton to bendalton
  • Status changed from new to assigned

#2 @bendalton
10 years ago

  • Owner bendalton deleted
  • Status changed from assigned to new

#3 @bendalton
10 years ago

I attached a working and semi-tested patch. (it shouldn't break anything and I haven't seen any problems)

#4 @ryan
10 years ago

  • Milestone changed from 2.6.1 to 2.7

Too late for 2.6.1.

#5 @ryan
10 years ago

Some places rely on the current behavior where the scheme is guessed when the cookie is empty. Perhaps we can default the scheme to empty and use an empty scheme to signal that the scheme should be guessed based on is_ssl().

@bendalton
10 years ago

Patch fixes bug but also preserves if_ssl() cookie name in the case that no $scheme is provided

#6 @bendalton
10 years ago

ryan: that makes sense... I attached a new diff with that functionality preserved

#7 @ryan
10 years ago

Looks good. Let me do some testing and then I'll commit.

@bendalton
10 years ago

Patched to fix bug on most recent revision (8724)

#8 @bendalton
10 years ago

Okay, it looks like someone else committed changes first. Anyway their changes still leave the cookie validation broken. I've submitted yet another patch.

#9 @ryan
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [8731]) Don't ignore scheme when cookie value is empty. Props bendalton. fixes #7521

Note: See TracTickets for help on using tickets.