Set the `secure` flag on the `wp-saving-post` cookie when using HTTPS.

This cookie doesn't contain any sensitive information, but this change brings its behaviour in line with all other core cookies.

Fixes #31056

Built from https://develop.svn.wordpress.org/trunk@34027


git-svn-id: http://core.svn.wordpress.org/trunk@33996 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/post.php

@@ -190,7 +190,7 @@ case 'editpost':
 
 	// Session cookie flag that the post was saved
 	if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) {
-		setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS );
+		setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl() );
 	}
 
 	redirect_post($post_id); // Send user on their way while we keep working

wp-includes/js/autosave.js

@@ -286,7 +286,8 @@ window.autosave = function() {
 						});
 					}
 
-					wpCookies.set( 'wp-saving-post', post_id + '-check', 24 * 60 * 60 );
+					var secure = ( 'https:' === window.location.protocol );
+					wpCookies.set( 'wp-saving-post', post_id + '-check', 24 * 60 * 60, false, false, secure );
 				});
 			}
 

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.4-alpha-34026';
+$wp_version = '4.4-alpha-34027';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.