WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 8 years ago

#7521 closed defect (bug) (fixed)

wp_validate_auth_cookie ignore $scheme parameter when $cookie value is empty

Reported by: bendalton Owned by:
Milestone: 2.7 Priority: normal
Severity: major Version: 2.6
Component: General Keywords: bbPress cookie
Focuses: Cc:

Description

in pluggable.php, wp_validate_auth_cookie ignore $scheme parameter when $cookie value is empty. This breaks the use case when you want to validate a users cookie with the scheme 'logged_in'.

This breaks any plugins that use this functionality, specifically bbPress 1.0alpha.

Attachments (3)

patch.diff (896 bytes) - added by bendalton 8 years ago.
Fixes the function to use the $scheme parameter when validating user cookies
patch2.diff (1.3 KB) - added by bendalton 8 years ago.
Patch fixes bug but also preserves if_ssl() cookie name in the case that no $scheme is provided
2.7.diff (1.1 KB) - added by bendalton 8 years ago.
Patched to fix bug on most recent revision (8724)

Download all attachments as: .zip

Change History (12)

@bendalton
8 years ago

Fixes the function to use the $scheme parameter when validating user cookies

#1 @bendalton
8 years ago

  • Owner changed from Ben Dalton to bendalton
  • Status changed from new to assigned

#2 @bendalton
8 years ago

  • Owner bendalton deleted
  • Status changed from assigned to new

#3 @bendalton
8 years ago

I attached a working and semi-tested patch. (it shouldn't break anything and I haven't seen any problems)

#4 @ryan
8 years ago

  • Milestone changed from 2.6.1 to 2.7

Too late for 2.6.1.

#5 @ryan
8 years ago

Some places rely on the current behavior where the scheme is guessed when the cookie is empty. Perhaps we can default the scheme to empty and use an empty scheme to signal that the scheme should be guessed based on is_ssl().

@bendalton
8 years ago

Patch fixes bug but also preserves if_ssl() cookie name in the case that no $scheme is provided

#6 @bendalton
8 years ago

ryan: that makes sense... I attached a new diff with that functionality preserved

#7 @ryan
8 years ago

Looks good. Let me do some testing and then I'll commit.

@bendalton
8 years ago

Patched to fix bug on most recent revision (8724)

#8 @bendalton
8 years ago

Okay, it looks like someone else committed changes first. Anyway their changes still leave the cookie validation broken. I've submitted yet another patch.

#9 @ryan
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [8731]) Don't ignore scheme when cookie value is empty. Props bendalton. fixes #7521

Note: See TracTickets for help on using tickets.