Seb35 has uploaded a new change for review. https://gerrit.wikimedia.org/r/81614
Change subject: Set a non-secure attribute when clearing a cookie ...................................................................... Set a non-secure attribute when clearing a cookie Added a parameter to User::clearCookie to set specify the status of the Secure attribute of the cookie. Used this parameter for the forceHTTPS cookie which might be requested to be non-secure when cleared. Bug: 53379 Change-Id: I01d18127a2206afe695b513714cfec683dd710ec --- M includes/User.php 1 file changed, 7 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/14/81614/1 diff --git a/includes/User.php b/includes/User.php index 25b35b3..1401aa8 100644 --- a/includes/User.php +++ b/includes/User.php @@ -3144,9 +3144,13 @@ /** * Clear a cookie on the user's client * @param string $name Name of the cookie to clear + * @param bool $secure + * true: Force setting the secure attribute when setting the cookie + * false: Force NOT setting the secure attribute when setting the cookie + * null (default): Use the default ($wgCookieSecure) to set the secure attribute */ - protected function clearCookie( $name ) { - $this->setCookie( $name, '', time() - 86400 ); + protected function clearCookie( $name, $secure = null ) { + $this->setCookie( $name, '', time() - 86400, $secure ); } /** @@ -3231,7 +3235,7 @@ $this->clearCookie( 'UserID' ); $this->clearCookie( 'Token' ); - $this->clearCookie( 'forceHTTPS' ); + $this->clearCookie( 'forceHTTPS', false ); // Remember when user logged out, to prevent seeing cached pages $this->setCookie( 'LoggedOut', time(), time() + 86400 ); -- To view, visit https://gerrit.wikimedia.org/r/81614 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I01d18127a2206afe695b513714cfec683dd710ec Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Seb35 <seb35wikipe...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits