mirror of
git://develop.git.wordpress.org/
synced 2025-02-26 01:22:47 +01:00
Fix the wp-settings-* cookies used in getUserSetting()/setUserSetting(). They should be set without COOKIE_DOMAIN to work properly for sub-domains. Fixes #29095.
git-svn-id: https://develop.svn.wordpress.org/trunk@29478 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Ozz
parent
6d6bce429d
commit
b343d48221
@ -128,8 +128,8 @@ var wpCookies = {
|
||||
*
|
||||
* This is done by setting it to an empty value and setting the expiration time in the past.
|
||||
*/
|
||||
remove: function( name, path ) {
|
||||
this.set( name, '', -1000, path );
|
||||
remove: function( name, path, domain, secure ) {
|
||||
this.set( name, '', -1000, path, domain, secure );
|
||||
}
|
||||
};
|
||||
|
||||
@ -157,9 +157,9 @@ function setUserSetting( name, value, _del ) {
|
||||
}
|
||||
|
||||
var uid = userSettings.uid,
|
||||
oldUid = uid.lastIndexOf('-') > 0 ? uid.substring( 0, uid.lastIndexOf('-') ) : 0,
|
||||
settings = wpCookies.getHash( 'wp-settings-' + uid ),
|
||||
path = userSettings.url;
|
||||
path = userSettings.url,
|
||||
secure = !! userSettings.secure;
|
||||
|
||||
name = name.toString().replace( /[^A-Za-z0-9_]/, '' );
|
||||
|
||||
@ -169,17 +169,6 @@ function setUserSetting( name, value, _del ) {
|
||||
value = value.toString().replace( /[^A-Za-z0-9_]/, '' );
|
||||
}
|
||||
|
||||
if ( oldUid ) {
|
||||
if ( ! settings ) {
|
||||
settings = wpCookies.getHash( 'wp-settings-' + oldUid );
|
||||
}
|
||||
// Delete old cookies
|
||||
if ( wpCookies.get( 'wp-settings-time-' + oldUid ) ) {
|
||||
wpCookies.remove( 'wp-settings-' + oldUid, path );
|
||||
wpCookies.remove( 'wp-settings-time-' + oldUid, path );
|
||||
}
|
||||
}
|
||||
|
||||
settings = settings || {};
|
||||
|
||||
if ( _del ) {
|
||||
@ -188,8 +177,8 @@ function setUserSetting( name, value, _del ) {
|
||||
settings[name] = value;
|
||||
}
|
||||
|
||||
wpCookies.setHash( 'wp-settings-' + uid, settings, 31536000, path );
|
||||
wpCookies.set( 'wp-settings-time-' + uid, userSettings.time, 31536000, path );
|
||||
wpCookies.setHash( 'wp-settings-' + uid, settings, 31536000, path, '', secure );
|
||||
wpCookies.set( 'wp-settings-time-' + uid, userSettings.time, 31536000, path, '', secure );
|
||||
|
||||
return name;
|
||||
}
|
||||
@ -204,14 +193,5 @@ function getAllUserSettings() {
|
||||
return {};
|
||||
}
|
||||
|
||||
var uid = userSettings.uid,
|
||||
settings = wpCookies.getHash( 'wp-settings-' + uid );
|
||||
|
||||
// Try the old format cookie
|
||||
if ( ! settings && uid.lastIndexOf('-') > 0 ) {
|
||||
uid = uid.substring( 0, uid.lastIndexOf('-') );
|
||||
settings = wpCookies.getHash( 'wp-settings-' + uid );
|
||||
}
|
||||
|
||||
return settings || {};
|
||||
return wpCookies.getHash( 'wp-settings-' + userSettings.uid ) || {};
|
||||
}
|
||||
|
||||
@ -726,17 +726,16 @@ function wp_user_settings() {
|
||||
}
|
||||
|
||||
$settings = (string) get_user_option( 'user-settings', $user_id );
|
||||
$uid = $user_id . '-' . get_current_blog_id();
|
||||
|
||||
if ( isset( $_COOKIE['wp-settings-' . $uid] ) ) {
|
||||
$cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $uid] );
|
||||
if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
|
||||
$cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
|
||||
|
||||
// No change or both empty
|
||||
if ( $cookie == $settings )
|
||||
return;
|
||||
|
||||
$last_saved = (int) get_user_option( 'user-settings-time', $user_id );
|
||||
$current = isset( $_COOKIE['wp-settings-time-' . $uid]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $uid] ) : 0;
|
||||
$current = isset( $_COOKIE['wp-settings-time-' . $user_id]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user_id] ) : 0;
|
||||
|
||||
// The cookie is newer than the saved value. Update the user_option and leave the cookie as-is
|
||||
if ( $current > $last_saved ) {
|
||||
@ -748,9 +747,9 @@ function wp_user_settings() {
|
||||
|
||||
// The cookie is not set in the current browser or the saved value is newer.
|
||||
$secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) );
|
||||
setcookie( 'wp-settings-' . $uid, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
|
||||
setcookie( 'wp-settings-time-' . $uid, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
|
||||
$_COOKIE['wp-settings-' . $uid] = $settings;
|
||||
setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
|
||||
setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
|
||||
$_COOKIE['wp-settings-' . $user_id] = $settings;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -846,20 +845,19 @@ function get_all_user_settings() {
|
||||
}
|
||||
|
||||
$user_settings = array();
|
||||
$uid = $user_id . '-' . get_current_blog_id();
|
||||
|
||||
if ( isset( $_COOKIE['wp-settings-' . $uid] ) ) {
|
||||
$cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $uid] );
|
||||
} elseif ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
|
||||
if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
|
||||
$cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
|
||||
}
|
||||
|
||||
if ( ! empty( $cookie ) && strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
|
||||
parse_str( $cookie, $user_settings );
|
||||
if ( strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
|
||||
parse_str( $cookie, $user_settings );
|
||||
}
|
||||
} else {
|
||||
$option = get_user_option( 'user-settings', $user_id );
|
||||
if ( $option && is_string( $option ) )
|
||||
|
||||
if ( $option && is_string( $option ) ) {
|
||||
parse_str( $option, $user_settings );
|
||||
}
|
||||
}
|
||||
|
||||
$_updated_user_settings = $user_settings;
|
||||
@ -914,9 +912,8 @@ function delete_all_user_settings() {
|
||||
return;
|
||||
}
|
||||
|
||||
$uid = $user_id . '-' . get_current_blog_id();
|
||||
update_user_option( $user_id, 'user-settings', '', false );
|
||||
setcookie( 'wp-settings-' . $uid, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
|
||||
setcookie( 'wp-settings-' . $user_id, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -72,8 +72,9 @@ function wp_default_scripts( &$scripts ) {
|
||||
$scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" );
|
||||
did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array(
|
||||
'url' => (string) SITECOOKIEPATH,
|
||||
'uid' => get_current_user_id() . '-' . get_current_blog_id(),
|
||||
'uid' => (string) get_current_user_id(),
|
||||
'time' => (string) time(),
|
||||
'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ),
|
||||
) );
|
||||
|
||||
$scripts->add( 'common', "/wp-admin/js/common$suffix.js", array('jquery', 'hoverIntent', 'utils'), false, 1 );
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user