From 855991c5789dec9077ce282647d85e677e63a1b9 Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Thu, 8 Oct 2015 03:04:41 +0000 Subject: [PATCH] Correctly set the `secure` flag for the test cookie based on the login URL scheme, and the same for the user settings cookies based on the admin URL scheme. Fixes #34159 git-svn-id: https://develop.svn.wordpress.org/trunk@34931 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/option.php | 2 +- src/wp-login.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/wp-includes/option.php b/src/wp-includes/option.php index f3d495d3ba..562438743a 100644 --- a/src/wp-includes/option.php +++ b/src/wp-includes/option.php @@ -812,7 +812,7 @@ function wp_user_settings() { } // The cookie is not set in the current browser or the saved value is newer. - $secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ); + $secure = ( 'https' === parse_url( admin_url(), PHP_URL_SCHEME ) ); setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure ); setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure ); $_COOKIE['wp-settings-' . $user_id] = $settings; diff --git a/src/wp-login.php b/src/wp-login.php index 42db80b191..13adb3f141 100644 --- a/src/wp-login.php +++ b/src/wp-login.php @@ -393,7 +393,7 @@ if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set } //Set a cookie now to see if they are supported by the browser. -$secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) && 'https' === parse_url( home_url(), PHP_URL_SCHEME ) ); +$secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) ); setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure ); if ( SITECOOKIEPATH != COOKIEPATH ) setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );