Fix the `wp-settings-*` cookies used in getUserSetting()/setUserSetting(). They should be set without `COOKIE_DOMAIN` to work properly for sub-domains. Fixes #29095.
git-svn-id: https://develop.svn.wordpress.org/trunk@29478 602fd350-edb4-49c9-b593-d223f7449a82
parent
6d6bce429d
commit
b343d48221
|
@ -128,8 +128,8 @@ var wpCookies = {
|
||||||
*
|
*
|
||||||
* This is done by setting it to an empty value and setting the expiration time in the past.
|
* This is done by setting it to an empty value and setting the expiration time in the past.
|
||||||
*/
|
*/
|
||||||
remove: function( name, path ) {
|
remove: function( name, path, domain, secure ) {
|
||||||
this.set( name, '', -1000, path );
|
this.set( name, '', -1000, path, domain, secure );
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -157,9 +157,9 @@ function setUserSetting( name, value, _del ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
var uid = userSettings.uid,
|
var uid = userSettings.uid,
|
||||||
oldUid = uid.lastIndexOf('-') > 0 ? uid.substring( 0, uid.lastIndexOf('-') ) : 0,
|
|
||||||
settings = wpCookies.getHash( 'wp-settings-' + uid ),
|
settings = wpCookies.getHash( 'wp-settings-' + uid ),
|
||||||
path = userSettings.url;
|
path = userSettings.url,
|
||||||
|
secure = !! userSettings.secure;
|
||||||
|
|
||||||
name = name.toString().replace( /[^A-Za-z0-9_]/, '' );
|
name = name.toString().replace( /[^A-Za-z0-9_]/, '' );
|
||||||
|
|
||||||
|
@ -169,17 +169,6 @@ function setUserSetting( name, value, _del ) {
|
||||||
value = value.toString().replace( /[^A-Za-z0-9_]/, '' );
|
value = value.toString().replace( /[^A-Za-z0-9_]/, '' );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( oldUid ) {
|
|
||||||
if ( ! settings ) {
|
|
||||||
settings = wpCookies.getHash( 'wp-settings-' + oldUid );
|
|
||||||
}
|
|
||||||
// Delete old cookies
|
|
||||||
if ( wpCookies.get( 'wp-settings-time-' + oldUid ) ) {
|
|
||||||
wpCookies.remove( 'wp-settings-' + oldUid, path );
|
|
||||||
wpCookies.remove( 'wp-settings-time-' + oldUid, path );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
settings = settings || {};
|
settings = settings || {};
|
||||||
|
|
||||||
if ( _del ) {
|
if ( _del ) {
|
||||||
|
@ -188,8 +177,8 @@ function setUserSetting( name, value, _del ) {
|
||||||
settings[name] = value;
|
settings[name] = value;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpCookies.setHash( 'wp-settings-' + uid, settings, 31536000, path );
|
wpCookies.setHash( 'wp-settings-' + uid, settings, 31536000, path, '', secure );
|
||||||
wpCookies.set( 'wp-settings-time-' + uid, userSettings.time, 31536000, path );
|
wpCookies.set( 'wp-settings-time-' + uid, userSettings.time, 31536000, path, '', secure );
|
||||||
|
|
||||||
return name;
|
return name;
|
||||||
}
|
}
|
||||||
|
@ -204,14 +193,5 @@ function getAllUserSettings() {
|
||||||
return {};
|
return {};
|
||||||
}
|
}
|
||||||
|
|
||||||
var uid = userSettings.uid,
|
return wpCookies.getHash( 'wp-settings-' + userSettings.uid ) || {};
|
||||||
settings = wpCookies.getHash( 'wp-settings-' + uid );
|
|
||||||
|
|
||||||
// Try the old format cookie
|
|
||||||
if ( ! settings && uid.lastIndexOf('-') > 0 ) {
|
|
||||||
uid = uid.substring( 0, uid.lastIndexOf('-') );
|
|
||||||
settings = wpCookies.getHash( 'wp-settings-' + uid );
|
|
||||||
}
|
|
||||||
|
|
||||||
return settings || {};
|
|
||||||
}
|
}
|
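Review bot: The docblock above `remove` in the first hunk is not extended for the two new arguments, so nothing tells a caller that a cookie is only expired when `path` and `domain` match the values it was set with. I would add `@param {String} domain Domain the cookie was set for; must match, or the browser keeps the original cookie.` and a matching line for `secure`. The top of the docblock is outside the hunk, so any existing `@param` lines are not visible here. This matters for this commit in particular, because `setUserSetting` now writes both cookies with an empty domain and any later `remove` call has to do the same.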
||||||
|
|
|
@ -726,17 +726,16 @@ function wp_user_settings() {
|
||||||
}
|
}
|
||||||
|
|
||||||
$settings = (string) get_user_option( 'user-settings', $user_id );
|
$settings = (string) get_user_option( 'user-settings', $user_id );
|
||||||
$uid = $user_id . '-' . get_current_blog_id();
|
|
||||||
|
|
||||||
if ( isset( $_COOKIE['wp-settings-' . $uid] ) ) {
|
if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
|
||||||
$cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $uid] );
|
$cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
|
||||||
|
|
||||||
// No change or both empty
|
// No change or both empty
|
||||||
if ( $cookie == $settings )
|
if ( $cookie == $settings )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
$last_saved = (int) get_user_option( 'user-settings-time', $user_id );
|
$last_saved = (int) get_user_option( 'user-settings-time', $user_id );
|
||||||
$current = isset( $_COOKIE['wp-settings-time-' . $uid]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $uid] ) : 0;
|
$current = isset( $_COOKIE['wp-settings-time-' . $user_id]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user_id] ) : 0;
|
||||||
|
|
||||||
// The cookie is newer than the saved value. Update the user_option and leave the cookie as-is
|
// The cookie is newer than the saved value. Update the user_option and leave the cookie as-is
|
||||||
if ( $current > $last_saved ) {
|
if ( $current > $last_saved ) {
|
||||||
|
@ -748,9 +747,9 @@ function wp_user_settings() {
|
||||||
|
|
||||||
// The cookie is not set in the current browser or the saved value is newer.
|
// The cookie is not set in the current browser or the saved value is newer.
|
||||||
$secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) );
|
$secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) );
|
||||||
setcookie( 'wp-settings-' . $uid, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
|
setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
|
||||||
setcookie( 'wp-settings-time-' . $uid, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
|
setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
|
||||||
$_COOKIE['wp-settings-' . $uid] = $settings;
|
$_COOKIE['wp-settings-' . $user_id] = $settings;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -846,20 +845,19 @@ function get_all_user_settings() {
|
||||||
}
|
}
|
||||||
|
|
||||||
$user_settings = array();
|
$user_settings = array();
|
||||||
$uid = $user_id . '-' . get_current_blog_id();
|
|
||||||
|
|
||||||
if ( isset( $_COOKIE['wp-settings-' . $uid] ) ) {
|
if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
|
||||||
$cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $uid] );
|
|
||||||
} elseif ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
|
|
||||||
$cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
|
$cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
|
||||||
}
|
|
||||||
|
|
||||||
if ( ! empty( $cookie ) && strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
|
if ( strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
|
||||||
parse_str( $cookie, $user_settings );
|
parse_str( $cookie, $user_settings );
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$option = get_user_option( 'user-settings', $user_id );
|
$option = get_user_option( 'user-settings', $user_id );
|
||||||
if ( $option && is_string( $option ) )
|
|
||||||
|
if ( $option && is_string( $option ) ) {
|
||||||
parse_str( $option, $user_settings );
|
parse_str( $option, $user_settings );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$_updated_user_settings = $user_settings;
|
$_updated_user_settings = $user_settings;
|
||||||
|
@ -914,9 +912,8 @@ function delete_all_user_settings() {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$uid = $user_id . '-' . get_current_blog_id();
|
|
||||||
update_user_option( $user_id, 'user-settings', '', false );
|
update_user_option( $user_id, 'user-settings', '', false );
|
||||||
setcookie( 'wp-settings-' . $uid, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
|
setcookie( 'wp-settings-' . $user_id, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
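Review bot: In `get_all_user_settings()` the cookie value goes from `preg_replace()` straight into `strpos()` and `parse_str()` without a type check, and the hunk also drops the earlier `! empty( $cookie )` guard. `$_COOKIE` is client-controlled and PHP turns a cookie whose name carries brackets into an array, in which case `preg_replace()` returns an array and `strpos()` raises a warning or a TypeError depending on the PHP version. Tightening the condition to `if ( isset( $_COOKIE['wp-settings-' . $user_id] ) && is_string( $_COOKIE['wp-settings-' . $user_id] ) ) {` sends that case to the saved-option branch, and the same read in `wp_user_settings()` would benefit from the same check. Both function bodies start and end outside their hunks.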
||||||
|
|
|
@ -72,8 +72,9 @@ function wp_default_scripts( &$scripts ) {
|
||||||
$scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" );
|
$scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" );
|
||||||
did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array(
|
did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array(
|
||||||
'url' => (string) SITECOOKIEPATH,
|
'url' => (string) SITECOOKIEPATH,
|
||||||
'uid' => get_current_user_id() . '-' . get_current_blog_id(),
|
'uid' => (string) get_current_user_id(),
|
||||||
'time' => (string) time(),
|
'time' => (string) time(),
|
||||||
|
'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ),
|
||||||
) );
|
) );
|
||||||
|
|
||||||
$scripts->add( 'common', "/wp-admin/js/common$suffix.js", array('jquery', 'hoverIntent', 'utils'), false, 1 );
|
$scripts->add( 'common', "/wp-admin/js/common$suffix.js", array('jquery', 'hoverIntent', 'utils'), false, 1 );
|
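Review bot: The new `'secure'` entry is computed from the scheme of `site_url()` rather than from the current request, and it repeats the expression used for `$secure` in `wp_user_settings()`. If the admin can be reached over HTTPS while the site URL is `http` (not visible from this hunk), the `wp-settings-*` cookies written by `utils.js` would go out without the Secure attribute. A comment such as `// Cast yields '1' or ''; utils.js tests it with !!, so never pass '0' or 'false' here.` would also document the contract with `setUserSetting()`. `wp_default_scripts()` continues outside the hunk.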
||||||
|
|