Mirrors/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-20 19:56:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Security: Set the HttpOnly flag for the test cookie and the wp_lang cookie on the login screen.

Browse Source 
These cookies are only accessed server-side and don't need to be exposed to JavaScript in the browser.

Props earthman100, kevinlearynet

Fixes #61322

Built from https://develop.svn.wordpress.org/trunk@59671


git-svn-id: http://core.svn.wordpress.org/trunk@59014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
John Blackbourn 2025-01-21 13:19:21 +00:00
parent 78c401da14
commit 783c6905dd
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/version.php
View File

@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
$wp_version = '6.8-alpha-59670';
$wp_version = '6.8-alpha-59671';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

6
wp-login.php
View File

@ -528,14 +528,14 @@ if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set.
// Set a cookie now to see if they are supported by the browser.
$secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) );
setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure, true );
if ( SITECOOKIEPATH !== COOKIEPATH ) {
setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure, true );
}
if ( isset( $_GET['wp_lang'] ) ) {
setcookie( 'wp_lang', sanitize_text_field( $_GET['wp_lang'] ), 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
setcookie( 'wp_lang', sanitize_text_field( $_GET['wp_lang'] ), 0, COOKIEPATH, COOKIE_DOMAIN, $secure, true );
}
/**