Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-25 22:35:02 +02:00
Code Issues Projects Releases Wiki Activity

Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954).

Browse Source 
see #15330.

Built from https://develop.svn.wordpress.org/trunk@28627


git-svn-id: http://core.svn.wordpress.org/trunk@28447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2014-05-30 15:08:15 +00:00
parent 15a1f80885
commit 733057e7d6
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-includes/pluggable.php
View File

@ -818,8 +818,12 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
$expire = 0;
}
if ( '' === $secure )
if ( '' === $secure ) {
$secure = is_ssl();
}
// Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
$secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME );
/**
* Filter whether the connection is secure.
@ -840,7 +844,7 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
* @param int $user_id User ID.
* @param bool $secure Whether the connection is secure.
*/
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', false, $user_id, $secure );
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
if ( $secure ) {
$auth_cookie_name = SECURE_AUTH_COOKIE;