Set the `secure` flag on the `wp-saving-post` cookie when using HTTPS.

This cookie doesn't contain any sensitive information, but this change brings its behaviour in line with all other core cookies.

Fixes #31056


git-svn-id: https://develop.svn.wordpress.org/trunk@34027 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn 2015-09-10 22:41:08 +00:00
parent b1a91e4a28
commit bdd42a0902
2 changed files with 3 additions and 2 deletions

View File

@ -190,7 +190,7 @@ case 'editpost':
// Session cookie flag that the post was saved // Session cookie flag that the post was saved
if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) { if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) {
setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS ); setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl() );
} }
redirect_post($post_id); // Send user on their way while we keep working redirect_post($post_id); // Send user on their way while we keep working

View File

@ -286,7 +286,8 @@ window.autosave = function() {
}); });
} }
wpCookies.set( 'wp-saving-post', post_id + '-check', 24 * 60 * 60 ); var secure = ( 'https:' === window.location.protocol );
wpCookies.set( 'wp-saving-post', post_id + '-check', 24 * 60 * 60, false, false, secure );
}); });
} }