From f2a0b5267d88766d0bc8cd19cab26db375209612 Mon Sep 17 00:00:00 2001
From: John Blackbourn <johnbillion@git.wordpress.org>
Date: Sun, 10 Sep 2017 21:09:45 +0000
Subject: [PATCH] Login and Registration: Pass the user session token to the
 `set_auth_cookie` and `set_logged_in_cookie` filters.

This also adds some missing `@since` parameters for other uses of the token so that developers know when the token was first made available to various filters.

Fixes #41849

Built from https://develop.svn.wordpress.org/trunk@41365


git-svn-id: http://core.svn.wordpress.org/trunk@41198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 10 ++++++++--
 wp-includes/version.php   |  2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 882660ae3a..c4e271518b 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -694,6 +694,7 @@ if ( !function_exists('wp_generate_auth_cookie') ) :
  * Generate authentication cookie contents.
  *
  * @since 2.5.0
+ * @since 4.0.0 The `$token` parameter was added.
  *
  * @param int    $user_id    User ID
  * @param int    $expiration The time the cookie expires as a UNIX timestamp.
@@ -726,6 +727,7 @@ function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $toke
 	 * Filters the authentication cookie.
 	 *
 	 * @since 2.5.0
+	 * @since 4.0.0 The `$token` parameter was added.
 	 *
 	 * @param string $cookie     Authentication cookie.
 	 * @param int    $user_id    User ID.
@@ -874,6 +876,7 @@ function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token =
 	 * Fires immediately before the authentication cookie is set.
 	 *
 	 * @since 2.5.0
+	 * @since 4.9.0 The `$token` parameter was added.
 	 *
 	 * @param string $auth_cookie Authentication cookie.
 	 * @param int    $expire      The time the login grace period expires as a UNIX timestamp.
@@ -882,13 +885,15 @@ function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token =
 	 *                            Default is 14 days from now.
 	 * @param int    $user_id     User ID.
 	 * @param string $scheme      Authentication scheme. Values include 'auth', 'secure_auth', or 'logged_in'.
+	 * @param string $token       User's session token to use for this cookie.
 	 */
-	do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme );
+	do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token );
 
 	/**
 	 * Fires immediately before the logged-in authentication cookie is set.
 	 *
 	 * @since 2.6.0
+	 * @since 4.9.0 The `$token` parameter was added.
 	 *
 	 * @param string $logged_in_cookie The logged-in cookie.
 	 * @param int    $expire           The time the login grace period expires as a UNIX timestamp.
@@ -897,8 +902,9 @@ function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token =
 	 *                                 Default is 14 days from now.
 	 * @param int    $user_id          User ID.
 	 * @param string $scheme           Authentication scheme. Default 'logged_in'.
+	 * @param string $token            User's session token to use for this cookie.
 	 */
-	do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in' );
+	do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token );
 
 	/**
 	 * Allows preventing auth cookies from actually being sent to the client.
diff --git a/wp-includes/version.php b/wp-includes/version.php
index d1da761367..05e66922fc 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.9-alpha-41364';
+$wp_version = '4.9-alpha-41365';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.