Set the secure flag on the wp-saving-post cookie when using HTTPS.

This cookie doesn't contain any sensitive information, but this change brings its behaviour in line with all other core cookies. Fixes #31056 Built from https://develop.svn.wordpress.org/trunk@34027 git-svn-id: http://core.svn.wordpress.org/trunk@33996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 22:42:23 +00:00
parent 5918b30cdd
commit 9bf86a74d0
4 changed files with 5 additions and 4 deletions
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -190,7 +190,7 @@ case 'editpost':

 	// Session cookie flag that the post was saved
 	if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) {
-		setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS );
+		setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl() );
 	}

 	redirect_post($post_id); // Send user on their way while we keep working