Correctly set the secure flag for the test cookie based on the login URL scheme, and the same for the user settings cookies based on the admin URL scheme.

Fixes #34159 git-svn-id: https://develop.svn.wordpress.org/trunk@34931 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2015-10-08 03:04:41 +00:00
parent 1e223ff16b
commit 855991c578
2 changed files with 2 additions and 2 deletions
--- a/src/wp-includes/option.php
+++ b/src/wp-includes/option.php
@@ -812,7 +812,7 @@ function wp_user_settings() {
 	}

 	// The cookie is not set in the current browser or the saved value is newer.
-	$secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) );
+	$secure = ( 'https' === parse_url( admin_url(), PHP_URL_SCHEME ) );
 	setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
 	setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
 	$_COOKIE['wp-settings-' . $user_id] = $settings;
--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -393,7 +393,7 @@ if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
 }

 //Set a cookie now to see if they are supported by the browser.
-$secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) && 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
+$secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) );
 setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
 if ( SITECOOKIEPATH != COOKIEPATH )
 	setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );