From b980b3f3108d97397ecd3aa18dd092790a0bbd83 Mon Sep 17 00:00:00 2001 From: Ryan Boren Date: Fri, 27 Jun 2008 22:54:21 +0000 Subject: [PATCH] Set auth cookie for plugins directory to support direct load plugin files that call auth_redirect(). see #7001 git-svn-id: https://develop.svn.wordpress.org/trunk@8209 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-includes/pluggable.php | 21 ++++++++++++--------- wp-settings.php | 14 ++++++++++++++ 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 7b5d7266c7..514cc7246a 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -592,7 +592,8 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') { do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme); do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in'); - setcookie($auth_cookie_name, $auth_cookie, $expire, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure); + setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure); + setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure); setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN); if ( COOKIEPATH != SITECOOKIEPATH ) setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN); @@ -606,18 +607,20 @@ if ( !function_exists('wp_clear_auth_cookie') ) : * @since 2.5 */ function wp_clear_auth_cookie() { - setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN); - setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN); - setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN); - setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN); - setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); - setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); - setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); - setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); + setcookie(AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN); + setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN); + setcookie(AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN); + setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN); setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); // Old cookies + setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); + setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); + setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); + setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); + + // Even older cookies setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); diff --git a/wp-settings.php b/wp-settings.php index 4da868c2bc..32ac53509b 100644 --- a/wp-settings.php +++ b/wp-settings.php @@ -360,6 +360,20 @@ if ( !defined('COOKIEPATH') ) if ( !defined('SITECOOKIEPATH') ) define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_option('siteurl') . '/' ) ); +/** + * It is possible to define this in wp-config.php + * @since 2.6 + */ +if ( !defined('ADMIN_COOKIE_PATH') ) + define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin' ); + +/** + * It is possible to define this in wp-config.php + * @since 2.6 + */ +if ( !defined('PLUGINS_COOKIE_PATH') ) + define( 'PLUGINS_COOKIE_PATH', preg_replace('|https?://[^/]+|i', '', WP_PLUGIN_URL) ); + /** * It is possible to define this in wp-config.php * @since 2.0.0