From b5b118558e0d2d37d8130290c84e5afdace25d1f Mon Sep 17 00:00:00 2001
From: Dion Hulse <dd32@git.wordpress.org>
Date: Sat, 17 Aug 2013 01:19:04 +0000
Subject: [PATCH] WP_HTTP: Cookies: When following redirects, include the
 request cookies in the redirected requests. Fixes #24987

git-svn-id: https://develop.svn.wordpress.org/trunk@25046 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/class-http.php                | 22 ++++++++++++++-
 .../WPHTTP-testcase-redirection-script.php    | 27 +++++++++++++++++++
 tests/tests/http/base.php                     | 11 ++++++++
 3 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/src/wp-includes/class-http.php b/src/wp-includes/class-http.php
index ba30e278bd..86bf845c0b 100644
--- a/src/wp-includes/class-http.php
+++ b/src/wp-includes/class-http.php
@@ -195,7 +195,19 @@ class WP_Http {
 				$r['headers']['Content-Length'] = strlen( $r['body'] );
 		}
 
-		return $this->_dispatch_request($url, $r);
+		$response = $this->_dispatch_request($url, $r);
+
+		// Append cookies that were used in this request to the response
+		if ( ! empty( $r['cookies'] ) ) {
+      		$cookies_set = wp_list_pluck( $response['cookies'], 'name' );
+      		foreach ( $r['cookies'] as $cookie ) {
+            		if ( ! in_array( $cookie->name, $cookies_set ) && $cookie->test( $url ) ) {
+                        		$response['cookies'][] = $cookie;
+            		}
+      		}
+		}
+
+		return $response;
 	}
 
 	/**
@@ -639,6 +651,14 @@ class WP_Http {
 				$args['method'] = 'GET';
 		}
 
+		// Include valid cookies in the redirect process
+		if ( ! empty( $response['cookies'] ) ) {
+      		foreach ( $response['cookies'] as $cookie ) {
+      			if ( $cookie->test( $redirect_location ) )
+            			$args['cookies'][] = $cookie;
+			}
+		}
+
 		return wp_remote_request( $redirect_location, $args );	
 	}
 }
diff --git a/tests/data/WPHTTP-testcase-redirection-script.php b/tests/data/WPHTTP-testcase-redirection-script.php
index da99786544..02cb946fe1 100644
--- a/tests/data/WPHTTP-testcase-redirection-script.php
+++ b/tests/data/WPHTTP-testcase-redirection-script.php
@@ -96,6 +96,33 @@ if ( isset( $_GET['multiple-location-headers'] ) ) {
 	exit;
 }
 
+if ( isset( $_GET['cookie-test'] ) ) {
+	if ( 'test-cookie' != $_GET['cookie-test'] ) {
+		setcookie( 'api_test_cookie', 'value', time() + 365*24*60*60, '/core/tests/1.0/', 'api.wordpress.org' );
+		setcookie( 'api_test_cookie_minimal', 'value'  );
+		setcookie( 'api_test_cookie_wrong_host', 'value', time() + 365*24*60*60, '/', 'example.com' );
+		setcookie( 'api_test_wildcard_domain', 'value', time() + 365*24*60*60, '/', '.wordpress.org' );
+		setcookie( 'api_test_cookie_expired', 'value', time() - 365*24*60*60, '/', '.wordpress.org' );
+		header( "Location: $url?cookie-test=test-cookie" );
+		exit;
+	}
+
+	if ( empty( $_COOKIE['api_test_cookie'] ) || 'value' != $_COOKIE['api_test_cookie'] )
+		die( 'FAIL_NO_COOKIE' );
+	if ( empty( $_COOKIE['api_test_cookie_minimal'] ) )
+		die( 'FAIL_NO_MINIMAL' );
+	if ( isset( $_COOKIE['api_test_cookie_wrong_host'] ) )
+		die( 'FAIL_WRONG_HOST' );
+	if ( empty( $_COOKIE['api_test_wildcard_domain'] ) )
+		die( 'FAIL_NO_WILDCARD' );
+	if ( isset( $_COOKIE['api_test_cookie_expired'] ) )
+		die( 'FAIL_EXPIRED_COOKIE' );
+
+	echo 'PASS';
+	exit;
+}
+
+
 $rt = isset($_GET['rt']) ? $_GET['rt'] : 5;
 $r = isset($_GET['r']) ? $_GET['r'] : 0;
 
diff --git a/tests/tests/http/base.php b/tests/tests/http/base.php
index 1cc4f3834b..ddc24786b7 100644
--- a/tests/tests/http/base.php
+++ b/tests/tests/http/base.php
@@ -259,4 +259,15 @@ abstract class WP_HTTP_UnitTestCase extends WP_UnitTestCase {
 
 	}
 
+	/**
+	 * Test HTTP Cookie handling
+	 *
+	 * @ticket 21182
+	 */
+	function test_cookie_handling() {
+		$url = 'http://api.wordpress.org/core/tests/1.0/redirection.php?cookie-test=1';
+
+		$res = wp_remote_get( $url );
+		$this->assertEquals( 'PASS', wp_remote_retrieve_body( $res ) );
+	}
 }