Don't append HTTPOnly if cookie domain is empty. see #7677
git-svn-id: https://develop.svn.wordpress.org/trunk@8811 602fd350-edb4-49c9-b593-d223f7449a82
parent
04d12df410
commit
eb093c7182
|
@ -72,7 +72,11 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
|
||||||
else
|
else
|
||||||
$this->options['password'] = $opt['password'];
|
$this->options['password'] = $opt['password'];
|
||||||
|
|
||||||
$this->options['ssl'] = ( !empty($opt['ssl']) );
|
$this->options['ssl'] = false;
|
||||||
|
if ( isset($opt['ssl']) )
|
||||||
|
$this->options['ssl'] = ( !empty($opt['ssl']) );
|
||||||
|
elseif ( isset( $opt['connection_type']) )
|
||||||
|
$this->options['ssl'] = ( 'ftps' == $opt['connection_type'] );
|
||||||
}
|
}
|
||||||
|
|
||||||
function connect() {
|
function connect() {
|
||||||
|
|
|
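Review bot: A legacy `ssl` option that is present but false still wins over `connection_type`, because the new `if ( isset($opt['ssl']) )` branch is tested first and the `elseif` then never runs. A caller that passes both `ssl => 0` and `connection_type => 'ftps'` would get a plain-FTP session and send the password in cleartext; whether any caller still passes `ssl` is not visible on this page, so this needs confirming. Testing the explicit selection first avoids the downgrade: `if ( isset($opt['connection_type']) ) $this->options['ssl'] = ( 'ftps' == $opt['connection_type'] );` followed by `elseif ( isset($opt['ssl']) ) $this->options['ssl'] = ( !empty($opt['ssl']) );`. The constructor starts above the hunk.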
@ -448,7 +448,7 @@ function WP_Filesystem( $args = false ) {
|
||||||
|
|
||||||
require_once(ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php');
|
require_once(ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php');
|
||||||
|
|
||||||
$method = get_filesystem_method();
|
$method = get_filesystem_method($args);
|
||||||
|
|
||||||
if ( ! $method )
|
if ( ! $method )
|
||||||
return false;
|
return false;
|
||||||
|
@ -471,7 +471,7 @@ function WP_Filesystem( $args = false ) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
function get_filesystem_method() {
|
function get_filesystem_method($args = array()) {
|
||||||
$method = false;
|
$method = false;
|
||||||
if( function_exists('getmyuid') && function_exists('fileowner') ){
|
if( function_exists('getmyuid') && function_exists('fileowner') ){
|
||||||
$temp_file = wp_tempnam();
|
$temp_file = wp_tempnam();
|
||||||
|
@ -480,6 +480,11 @@ function get_filesystem_method() {
|
||||||
unlink($temp_file);
|
unlink($temp_file);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( isset($args['connection_type']) && 'ssh' == $args['connection_type'] ) {
|
||||||
|
$method = 'SSH2';
|
||||||
|
return apply_filters('filesystem_method', $method);
|
||||||
|
}
|
||||||
|
|
||||||
if ( ! $method && extension_loaded('ftp') ) $method = 'ftpext';
|
if ( ! $method && extension_loaded('ftp') ) $method = 'ftpext';
|
||||||
if ( ! $method && ( extension_loaded('sockets') || function_exists('fsockopen') ) ) $method = 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread
|
if ( ! $method && ( extension_loaded('sockets') || function_exists('fsockopen') ) ) $method = 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread
|
||||||
return apply_filters('filesystem_method', $method);
|
return apply_filters('filesystem_method', $method);
|
||||||
|
@ -502,7 +507,12 @@ function request_filesystem_credentials($form_post, $type = '', $error = false)
|
||||||
$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? $_POST['hostname'] : $credentials['hostname']);
|
$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? $_POST['hostname'] : $credentials['hostname']);
|
||||||
$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? $_POST['username'] : $credentials['username']);
|
$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? $_POST['username'] : $credentials['username']);
|
||||||
$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? $_POST['password'] : $credentials['password']);
|
$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? $_POST['password'] : $credentials['password']);
|
||||||
$credentials['ssl'] = defined('FTP_SSL') ? FTP_SSL : ( isset($_POST['ssl']) ? $_POST['ssl'] : $credentials['ssl']);
|
if ( defined('FTP_SSH') || 'ssh' == $_POST['connection_type'] )
|
||||||
|
$credentials['connection_type'] = 'ssh';
|
||||||
|
else if ( defined('FTP_SSL') || 'ftps' == $_POST['connection_type'] )
|
||||||
|
$credentials['connection_type'] = 'ftps';
|
||||||
|
else
|
||||||
|
$credentials['connection_type'] = 'ftp';
|
||||||
|
|
||||||
if ( ! $error && !empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) ) {
|
if ( ! $error && !empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) ) {
|
||||||
$stored_credentials = $credentials;
|
$stored_credentials = $credentials;
|
||||||
|
@ -516,8 +526,12 @@ function request_filesystem_credentials($form_post, $type = '', $error = false)
|
||||||
$ssl = '';
|
$ssl = '';
|
||||||
if ( !empty($credentials) )
|
if ( !empty($credentials) )
|
||||||
extract($credentials, EXTR_OVERWRITE);
|
extract($credentials, EXTR_OVERWRITE);
|
||||||
if( $error )
|
if ( $error ) {
|
||||||
echo '<div id="message" class="error"><p>' . __('<strong>Error:</strong> There was an error connecting to the server, Please verify the settings are correct.') . '</p></div>';
|
$error_string = __('<strong>Error:</strong> There was an error connecting to the server, Please verify the settings are correct.');
|
||||||
|
if ( is_wp_error($error) )
|
||||||
|
$error_string = $error->get_error_message();
|
||||||
|
echo '<div id="message" class="error"><p>' . $error_string . '</p></div>';
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
<form action="<?php echo $form_post ?>" method="post">
|
<form action="<?php echo $form_post ?>" method="post">
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
|
@ -525,28 +539,25 @@ function request_filesystem_credentials($form_post, $type = '', $error = false)
|
||||||
<p><?php _e('To perform the requested action, FTP connection information is required.') ?></p>
|
<p><?php _e('To perform the requested action, FTP connection information is required.') ?></p>
|
||||||
<table class="form-table">
|
<table class="form-table">
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<th scope="row"><label for="hostname"><?php _e('Hostname:') ?></label></th>
|
<th scope="row"><label for="hostname"><?php _e('Hostname') ?></label></th>
|
||||||
<td><input name="hostname" type="text" id="hostname" value="<?php echo attribute_escape($hostname) ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
|
<td><input name="hostname" type="text" id="hostname" value="<?php echo attribute_escape($hostname) ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<th scope="row"><label for="username"><?php _e('Username:') ?></label></th>
|
<th scope="row"><label for="username"><?php _e('Username') ?></label></th>
|
||||||
<td><input name="username" type="text" id="username" value="<?php echo attribute_escape($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
|
<td><input name="username" type="text" id="username" value="<?php echo attribute_escape($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<th scope="row"><label for="password"><?php _e('Password:') ?></label></th>
|
<th scope="row"><label for="password"><?php _e('Password') ?></label></th>
|
||||||
<td><input name="password" type="password" id="password" value=""<?php if( defined('FTP_PASS') ) echo ' disabled="disabled"' ?> size="40" /><?php if( defined('FTP_PASS') && !empty($password) ) echo '<em>'.__('(Password not shown)').'</em>'; ?></td>
|
<td><input name="password" type="password" id="password" value=""<?php if( defined('FTP_PASS') ) echo ' disabled="disabled"' ?> size="40" /><?php if( defined('FTP_PASS') && !empty($password) ) echo '<em>'.__('(Password not shown)').'</em>'; ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<th scope="row"><label for="ssl"><?php _e('Use SSL:') ?></label></th>
|
<th scope="row"><?php _e('Connection Type') ?></th>
|
||||||
<td>
|
<td>
|
||||||
<select name="ssl" id="ssl"<?php if( defined('FTP_SSL') ) echo ' disabled="disabled"' ?>>
|
<fieldset><legend class="hidden"><?php _e('Connection Type') ?> </legend>
|
||||||
<?php
|
<p><label><input name="connection_type" type="radio" value="ftp" <?php checked('ftp', $connection_type); ?> /> <?php _e('FTP') ?></label><br />
|
||||||
foreach ( array(0 => __('No'), 1 => __('Yes')) as $key => $value ) :
|
<label><input name="connection_type" type="radio" value="ftps" <?php checked('ftps', $connection_type); ?> /> <?php _e('FTPS (SSL)') ?></label><br />
|
||||||
$selected = ($ssl == $value) ? 'selected="selected"' : '';
|
<label><input name="connection_type" type="radio" value="ssh" <?php checked('ssh', $connection_type); ?> /> <?php _e('SSH') ?></label></p>
|
||||||
echo "\n\t<option value='$key' $selected>" . $value . '</option>';
|
</fieldset>
|
||||||
endforeach;
|
|
||||||
?>
|
|
||||||
</select>
|
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
|
|
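Review bot: `$_POST['connection_type']` is read without an `isset()` guard in the new `if`/`else if` chain of `request_filesystem_credentials()`, and the final `else` forces `'ftp'`. A request that carries no `connection_type` field therefore replaces whatever `$credentials['connection_type']` held with plain FTP, whereas hostname, username and password fall back to the existing `$credentials` value. If `$credentials` is loaded from saved settings above the hunk (not visible here), a saved FTPS or SSH choice is silently downgraded and the password then travels unencrypted. The chain also tests only `defined('FTP_SSL')`, where the replaced line used the constant's value. The sketch below honours the constants' values, accepts only the three known types from the form and otherwise keeps the existing value; the function body starts and ends outside these hunks.

```php
// … unchanged: hostname / username / password resolution …
if ( defined('FTP_SSH') && FTP_SSH )
	$credentials['connection_type'] = 'ssh';
else if ( defined('FTP_SSL') && FTP_SSL )
	$credentials['connection_type'] = 'ftps';
else if ( isset($_POST['connection_type']) && in_array($_POST['connection_type'], array('ftp', 'ftps', 'ssh'), true) )
	$credentials['connection_type'] = $_POST['connection_type'];
else if ( empty($credentials['connection_type']) )
	$credentials['connection_type'] = 'ftp';
// … unchanged: stored-credentials check and form output …
```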
@ -27,7 +27,10 @@ function do_plugin_upgrade($plugin) {
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if ( ! WP_Filesystem($credentials) ) {
|
if ( ! WP_Filesystem($credentials) ) {
|
||||||
request_filesystem_credentials($url, '', true); //Failed to connect, Error and request again
|
$error = true;
|
||||||
|
if ( is_object($wp_filesystem) && $wp_filesystem->errors->get_error_code() )
|
||||||
|
$error = $wp_filesystem->errors;
|
||||||
|
request_filesystem_credentials($url, '', $error); //Failed to connect, Error and request again
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
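Review bot: The `WP_Error` taken from `$wp_filesystem->errors` is handed to `request_filesystem_credentials()`, which on this page echoes `$error->get_error_message()` straight into the `<div id="message" class="error">` markup without escaping. If any transport's error text includes the submitted hostname or username (not visible here), that input is reflected as HTML in the admin screen. Escaping at the point of output would close this, e.g. `$error_string = wp_specialchars( $error->get_error_message() );` in that function, leaving the translated default string with its `<strong>` markup untouched. The hunk also relies on `$wp_filesystem` being in scope; a `global $wp_filesystem;` declaration is not visible because `do_plugin_upgrade()` starts above the hunk.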
@ -634,17 +634,6 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
|
||||||
do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
|
do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
|
||||||
do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
|
do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
|
||||||
|
|
||||||
global $is_safari;
|
|
||||||
// No HTTPOnly for Safari
|
|
||||||
if ( $is_safari ) {
|
|
||||||
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure);
|
|
||||||
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure);
|
|
||||||
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
|
|
||||||
if ( COOKIEPATH != SITECOOKIEPATH )
|
|
||||||
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set httponly if the php version is >= 5.2.0
|
// Set httponly if the php version is >= 5.2.0
|
||||||
if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
|
if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
|
||||||
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
|
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
|
||||||
|
@ -653,11 +642,14 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
|
||||||
if ( COOKIEPATH != SITECOOKIEPATH )
|
if ( COOKIEPATH != SITECOOKIEPATH )
|
||||||
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
|
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
|
||||||
} else {
|
} else {
|
||||||
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN . '; HttpOnly', $secure);
|
$cookie_domain = COOKIE_DOMAIN;
|
||||||
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN . '; HttpOnly', $secure);
|
if ( !empty($cookie_domain) )
|
||||||
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN . '; HttpOnly');
|
$cookie_domain .= '; HttpOnly';
|
||||||
|
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
|
||||||
|
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
|
||||||
|
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain);
|
||||||
if ( COOKIEPATH != SITECOOKIEPATH )
|
if ( COOKIEPATH != SITECOOKIEPATH )
|
||||||
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN . '; HttpOnly');
|
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
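Review bot: On the PHP < 5.2 branch an empty `COOKIE_DOMAIN` now means the cookies set in the `else` block carry no HttpOnly attribute at all, because the flag only ever rides on the domain argument and is skipped when that argument is empty. The auth and logged-in cookies are then readable from script on those installs, and nothing in the code says so; the only comment still reads `// Set httponly if the php version is >= 5.2.0`. I would add a comment at the `if ( !empty($cookie_domain) )` line such as `// Empty domain: '; HttpOnly' cannot be appended here, so these cookies are sent without HttpOnly on PHP < 5.2`. If the attribute matters on those installs, the fallback could build the Set-Cookie header itself instead of piggy-backing on the domain parameter. `wp_set_auth_cookie()` starts above the hunk.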