From 95045d629bffc8ce377c7a10e63353540ea1b77f Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Thu, 8 Oct 2015 03:05:25 +0000 Subject: [PATCH] Correctly set the `secure` flag for the test cookie based on the login URL scheme, and the same for the user settings cookies based on the admin URL scheme. Fixes #34159 Built from https://develop.svn.wordpress.org/trunk@34931 git-svn-id: http://core.svn.wordpress.org/trunk@34896 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/option.php | 2 +- wp-includes/version.php | 2 +- wp-login.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/wp-includes/option.php b/wp-includes/option.php index f3d495d3ba..562438743a 100644 --- a/wp-includes/option.php +++ b/wp-includes/option.php @@ -812,7 +812,7 @@ function wp_user_settings() { } // The cookie is not set in the current browser or the saved value is newer. - $secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ); + $secure = ( 'https' === parse_url( admin_url(), PHP_URL_SCHEME ) ); setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure ); setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure ); $_COOKIE['wp-settings-' . $user_id] = $settings; diff --git a/wp-includes/version.php b/wp-includes/version.php index d0ebf2b523..1b33670a2f 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-alpha-34930'; +$wp_version = '4.4-alpha-34931'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-login.php b/wp-login.php index 42db80b191..13adb3f141 100644 --- a/wp-login.php +++ b/wp-login.php @@ -393,7 +393,7 @@ if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set } //Set a cookie now to see if they are supported by the browser. -$secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) && 'https' === parse_url( home_url(), PHP_URL_SCHEME ) ); +$secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) ); setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure ); if ( SITECOOKIEPATH != COOKIEPATH ) setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );