From 636c562256420ad7b624e9b9a99c1ba9a3e55910 Mon Sep 17 00:00:00 2001
From: ryan
Date: Tue, 24 Jun 2008 22:19:27 +0000
Subject: [PATCH] SSL fixes. see #7001
git-svn-id: http://svn.automattic.com/wordpress/trunk@8190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/async-upload.php | 4 +++-
 wp-admin/includes/media.php | 2 +-
 wp-includes/pluggable.php | 4 ++--
 wp-login.php | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php
index 59feb8cec2..18b8104141 100644
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -10,7 +10,9 @@ else
 require_once('../wp-load.php');
 // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
-if ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
+if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
+ $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
+elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
 $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
 unset($current_user);
 require_once('admin.php');
diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index 0c25801f31..cf530d426a 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -850,7 +850,7 @@ jQuery(function($){
 file_types: "",
 post_params : {
 "post_id" : "",
- "auth_cookie" : "",
+ "auth_cookie" : "",
 "_wpnonce" : "",
 "type" : "",
 "tab" : "",
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index b390a3a418..535f424161 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
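Review bot: The new SSL branch in wp-admin/async-upload.php copies `$_REQUEST['auth_cookie']` into `$_COOKIE[SECURE_AUTH_COOKIE]`, so the secure-scheme credential is accepted from the query string as well as the POST body, and a value carried in a URL can end up in access logs and Referer headers. The media.php hunk sends `auth_cookie` inside `post_params`, so if the uploader always posts it, the secure branch could read the POST body only: `if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_POST['auth_cookie']) )` followed by `$_COOKIE[SECURE_AUTH_COOKIE] = $_POST['auth_cookie'];`. The existing comment above the branch still says "GET or POST" and does not mention that a different cookie is filled under SSL; it should be updated along with the code. How the copied value is validated is in admin.php, outside this hunk.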
@@ -589,8 +589,8 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
 $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
 $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
- do_action('set_auth_cookie', $auth_cookie, $expire, $scheme);
- do_action('set_auth_cookie', $logged_in_cookie, $expire, 'logged_in');
+ do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
+ do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
 setcookie($auth_cookie_name, $auth_cookie, $expire, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure);
 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
diff --git a/wp-login.php b/wp-login.php
index ba97b12d0c..1a0490b291 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -411,7 +411,7 @@ default:
 else
 $redirect_to = 'wp-admin/';
- if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) )
+ if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
 $secure_cookie = false;
 else
 $secure_cookie = '';
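Review bot: The `do_action('set_auth_cookie', …)` call in wp-includes/pluggable.php now passes `$expiration` and `$user_id` ahead of `$scheme`, so any existing callback that reads the third argument as the scheme will receive `$expiration` instead. Callbacks that relied on `set_auth_cookie` also firing for the logged-in cookie stop running, because that call is now the separate `set_logged_in_cookie` hook. Neither hook is documented in the hunk; a comment above each call such as `// Fires before the cookie is sent. Args: cookie value, $expire, $expiration, $user_id, scheme. The cookie value is a credential: callbacks must not log or store it.` would record the new contract. wp_set_auth_cookie starts before and continues after the hunk, so how `$expire` differs from `$expiration` is not visible here.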
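Review bot: The added test `( 0 === strpos($redirect_to, 'http') )` in wp-login.php matches any value that merely starts with the letters `http`, and together with the `https` test it decides that the auth cookie is issued without the Secure flag (`$secure_cookie = false`) after a login over SSL. If `$redirect_to` can come from the request (its assignment is outside the hunk), the downgrade should hinge on an exact scheme prefix, `0 === strpos($redirect_to, 'http://')`, which also makes the separate `https` comparison unnecessary. A one-line comment stating why a plain-http redirect target needs a non-secure cookie would help the next reader. The enclosing `default:` case begins and ends outside the hunk.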