From 8066547be344810e12ce383297902a157da39859 Mon Sep 17 00:00:00 2001
From: ryan
Date: Thu, 6 Jan 2011 04:08:23 +0000
Subject: [PATCH] Add some cookie filters to allow plugins more control over SSL cookie delivery. see #15330

git-svn-id: http://svn.automattic.com/wordpress/trunk@17227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 13 +++++++++----
 wp-includes/user.php | 2 ++
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 69a3a6c19b..408234000a 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -671,6 +671,9 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
 if ( '' === $secure )
 $secure = is_ssl();
+ $secure = apply_filters('secure_auth_cookie', $secure, $user_id);
+ $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);
+
 if ( $secure ) {
 $auth_cookie_name = SECURE_AUTH_COOKIE;
 $scheme = 'secure_auth';
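Review bot: The results of `secure_auth_cookie` and `secure_logged_in_cookie` are used exactly as the callbacks return them, so a callback that forgets to return a value yields null, which takes the non-secure branch of the `if ( $secure )` just below and drops the Secure flag even on an SSL request. Accepting only real booleans keeps a faulty hook from downgrading the cookie: `$filtered = apply_filters('secure_auth_cookie', $secure, $user_id); if ( is_bool($filtered) ) $secure = $filtered;`, and the same pattern for `$secure_logged_in_cookie`, which feeds the `setcookie()` calls in the next hunk. Both hooks also need a comment naming their arguments and stating that returning false from `secure_auth_cookie` sends the auth cookie without the Secure flag. The rest of `wp_set_auth_cookie()` lies outside this hunk.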
@@ -689,18 +692,18 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
 if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
 setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
 setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
- setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true);
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
 if ( COOKIEPATH != SITECOOKIEPATH )
- setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
 } else {
 $cookie_domain = COOKIE_DOMAIN;
 if ( !empty($cookie_domain) )
 $cookie_domain .= '; HttpOnly';
 setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
 setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
- setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain);
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
 if ( COOKIEPATH != SITECOOKIEPATH )
- setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain);
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
 }
 }
 endif;
@@ -764,6 +767,8 @@ function auth_redirect() {
 $secure = ( is_ssl() || force_ssl_admin() );
+ $secure = apply_filters('secure_auth_redirect', $secure);
+
 // If https is required and request is http, redirect
 if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
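Review bot: `secure_auth_redirect` is applied after `force_ssl_admin()` has been folded into `$secure`, so a callback returning false skips the https redirect in the `if ( $secure && !is_ssl() && ...` below even when the site is configured to force SSL for the admin. If that override is intended it should be stated where the hook is introduced, for example `// Plugins may relax or enforce the https redirect here; this overrides force_ssl_admin().`. This hook, `secure_auth_cookie` in `wp_set_auth_cookie()` and `secure_signon_cookie` in user.php are filtered independently, so a plugin that hooks only one of them can presumably leave the redirect decision and the cookie scheme disagreeing; the comment should say they are meant to be hooked together. `auth_redirect()` continues past the end of the hunk.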
diff --git a/wp-includes/user.php b/wp-includes/user.php
index c30f7be830..706ded3128 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -43,6 +43,8 @@ function wp_signon( $credentials = '', $secure_cookie = '' ) {
 if ( '' === $secure_cookie )
 $secure_cookie = is_ssl();
+ $secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, $credentials);
+
 global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
 $auth_secure_cookie = $secure_cookie;
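Review bot: Every `secure_signon_cookie` callback receives the whole `$credentials` value, and nothing visible before this line verifies the login, so callbacks are handed unauthenticated request data that presumably includes the submitted password (the array is filled in outside the hunk). If the decision only needs the account name, passing that alone would expose less; otherwise a comment should warn hook authors, e.g. `// $credentials is unverified login input and may contain the password; do not trust or log it.`. The start and end of `wp_signon()` are outside the hunk.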