Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954).

see #15330.

Built from https://develop.svn.wordpress.org/trunk@28627


git-svn-id: http://core.svn.wordpress.org/trunk@28447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2014-05-30 15:08:15 +00:00
parent 15a1f80885
commit 733057e7d6
1 changed files with 6 additions and 2 deletions

View File

@ -818,8 +818,12 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
$expire = 0; $expire = 0;
} }
if ( '' === $secure ) if ( '' === $secure ) {
$secure = is_ssl(); $secure = is_ssl();
}
// Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
$secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME );
/** /**
* Filter whether the connection is secure. * Filter whether the connection is secure.
@ -840,7 +844,7 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
* @param int $user_id User ID. * @param int $user_id User ID.
* @param bool $secure Whether the connection is secure. * @param bool $secure Whether the connection is secure.
*/ */
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', false, $user_id, $secure ); $secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
if ( $secure ) { if ( $secure ) {
$auth_cookie_name = SECURE_AUTH_COOKIE; $auth_cookie_name = SECURE_AUTH_COOKIE;