From 636c562256420ad7b624e9b9a99c1ba9a3e55910 Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Tue, 24 Jun 2008 22:19:27 +0000
Subject: [PATCH] SSL fixes. see #7001

git-svn-id: http://svn.automattic.com/wordpress/trunk@8190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/async-upload.php   | 4 +++-
 wp-admin/includes/media.php | 2 +-
 wp-includes/pluggable.php   | 4 ++--
 wp-login.php                | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php
index 59feb8cec..18b810414 100644
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -10,7 +10,9 @@ else
 	require_once('../wp-load.php');
 
 // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
-if ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
+if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
+	$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
+elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
 	$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
 unset($current_user);
 require_once('admin.php');
diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index 0c25801f3..cf530d426 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -850,7 +850,7 @@ jQuery(function($){
 			file_types: "<?php echo apply_filters('upload_file_glob', '*.*'); ?>",
 			post_params : {
 				"post_id" : "<?php echo $post_id; ?>",
-				"auth_cookie" : "<?php echo $_COOKIE[AUTH_COOKIE]; ?>",
+				"auth_cookie" : "<?php if ( is_ssl() ) echo $_COOKIE[SECURE_AUTH_COOKIE]; else echo $_COOKIE[AUTH_COOKIE]; ?>",
 				"_wpnonce" : "<?php echo wp_create_nonce('media-form'); ?>",
 				"type" : "<?php echo $type; ?>",
 				"tab" : "<?php echo $tab; ?>",
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index b390a3a41..535f42416 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -589,8 +589,8 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
 	$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
 	$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
 
-	do_action('set_auth_cookie', $auth_cookie, $expire, $scheme);
-	do_action('set_auth_cookie', $logged_in_cookie, $expire, 'logged_in');
+	do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
+	do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
 
 	setcookie($auth_cookie_name, $auth_cookie, $expire, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure);
 	setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
diff --git a/wp-login.php b/wp-login.php
index ba97b12d0..1a0490b29 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -411,7 +411,7 @@ default:
 	else
 		$redirect_to = 'wp-admin/';
 
-	if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) )
+	if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
 		$secure_cookie = false;
 	else
 		$secure_cookie = '';