Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954).

see #15330.


git-svn-id: https://develop.svn.wordpress.org/trunk@28627 602fd350-edb4-49c9-b593-d223f7449a82
Andrew Nacin 2014-05-30 15:07:18 +00:00
parent d87a482353
commit 8d980de0ee


@ -818,8 +818,12 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
$expire = 0;
}
if ( '' === $secure )
if ( '' === $secure ) {
$secure = is_ssl();
}
// Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
$secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME );
/**
* Filter whether the connection is secure.
@ -840,7 +844,7 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
* @param int $user_id User ID.
* @param bool $secure Whether the connection is secure.
*/
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', false, $user_id, $secure );
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
if ( $secure ) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
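Review bot: The scheme test on the new `$secure_logged_in_cookie` assignment in the first hunk is a case-sensitive strict comparison, and `parse_url()` returns the scheme as written, so a home option stored as `HTTPS://…` would leave the logged-in cookie without the Secure flag on an all-HTTPS site. `parse_url()` can also return `false` or `null` for a malformed or scheme-less value, which likewise falls through to a non-secure cookie without any signal. Unless the option is normalised when it is saved (not visible here), consider `$secure_logged_in_cookie = $secure && 'https' === strtolower( (string) parse_url( get_option( 'home' ), PHP_URL_SCHEME ) );`. The filter docblock in the second hunk could also say that the value passed in is now computed from `$secure` and the home URL rather than always `false`. The body of wp_set_auth_cookie() starts and ends outside both hunks.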