From d3abd242b05512189cca498c277a5507cbecacf1 Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Fri, 5 Sep 2008 05:35:58 +0000
Subject: [PATCH] Don't append HTTPOnly if cookie domain is empty. see #7677

git-svn-id: http://svn.automattic.com/wordpress/trunk@8811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 .../includes/class-wp-filesystem-ftpext.php   |  6 ++-
 wp-admin/includes/file.php                    | 45 ++++++++++++-------
 wp-admin/update.php                           |  5 ++-
 wp-includes/pluggable.php                     | 22 +++------
 4 files changed, 44 insertions(+), 34 deletions(-)
diff --git a/wp-admin/includes/class-wp-filesystem-ftpext.php b/wp-admin/includes/class-wp-filesystem-ftpext.php
index c999d5d78..92d8bc2ac 100644
--- a/wp-admin/includes/class-wp-filesystem-ftpext.php
+++ b/wp-admin/includes/class-wp-filesystem-ftpext.php
@@ -72,7 +72,11 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 		else
 			$this->options['password'] = $opt['password'];
 
-		$this->options['ssl'] = ( !empty($opt['ssl']) );
+		$this->options['ssl'] = false;
+		if ( isset($opt['ssl']) )
+			$this->options['ssl'] = ( !empty($opt['ssl']) );
+		elseif ( isset( $opt['connection_type']) )
+			$this->options['ssl'] = ( 'ftps' == $opt['connection_type'] );
 	}
 
 	function connect() {
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index b5a614fef..c57e3d0f2 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -448,7 +448,7 @@ function WP_Filesystem( $args = false ) {
 
 	require_once(ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php');
 
-	$method = get_filesystem_method();
+	$method = get_filesystem_method($args);
 
 	if ( ! $method )
 		return false;
@@ -471,7 +471,7 @@ function WP_Filesystem( $args = false ) {
 	return true;
 }
 
-function get_filesystem_method() {
+function get_filesystem_method($args = array()) {
 	$method = false;
 	if( function_exists('getmyuid') && function_exists('fileowner') ){
 		$temp_file = wp_tempnam();
@@ -480,6 +480,11 @@ function get_filesystem_method() {
 		unlink($temp_file);
 	}
 
+	if ( isset($args['connection_type']) && 'ssh' == $args['connection_type'] ) {
+		$method = 'SSH2';
+		return apply_filters('filesystem_method', $method);
+	}
+
 	if ( ! $method && extension_loaded('ftp') ) $method = 'ftpext';
 	if ( ! $method && ( extension_loaded('sockets') || function_exists('fsockopen') ) ) $method = 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread
 	return apply_filters('filesystem_method', $method);
@@ -502,7 +507,12 @@ function request_filesystem_credentials($form_post, $type = '', $error = false)
 	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? $_POST['hostname'] : $credentials['hostname']);
 	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? $_POST['username'] : $credentials['username']);
 	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? $_POST['password'] : $credentials['password']);
-	$credentials['ssl']      = defined('FTP_SSL')  ? FTP_SSL  : ( isset($_POST['ssl'])      ? $_POST['ssl']      : $credentials['ssl']);
+	if ( defined('FTP_SSH') || 'ssh' == $_POST['connection_type'] )
+		$credentials['connection_type'] = 'ssh';
+	else if ( defined('FTP_SSL') || 'ftps' == $_POST['connection_type'] )
+		$credentials['connection_type'] = 'ftps';
+	else
+		$credentials['connection_type'] = 'ftp';
 
 	if ( ! $error && !empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) ) {
 		$stored_credentials = $credentials;
@@ -516,8 +526,12 @@ function request_filesystem_credentials($form_post, $type = '', $error = false)
 	$ssl = '';
 	if ( !empty($credentials) )
 		extract($credentials, EXTR_OVERWRITE);
-	if( $error )
-		echo '<div id="message" class="error"><p>' . __('<strong>Error:</strong> There was an error connecting to the server, Please verify the settings are correct.') . '</p></div>';
+	if ( $error ) {
+		$error_string = __('<strong>Error:</strong> There was an error connecting to the server, Please verify the settings are correct.');
+		if ( is_wp_error($error) )
+			$error_string = $error->get_error_message();
+		echo '<div id="message" class="error"><p>' . $error_string . '</p></div>';
+	}
 ?>
 <form action="<?php echo $form_post ?>" method="post">
 <div class="wrap">
@@ -525,28 +539,25 @@ function request_filesystem_credentials($form_post, $type = '', $error = false)
 <p><?php _e('To perform the requested action, FTP connection information is required.') ?></p>
 <table class="form-table">
 <tr valign="top">
-<th scope="row"><label for="hostname"><?php _e('Hostname:') ?></label></th>
+<th scope="row"><label for="hostname"><?php _e('Hostname') ?></label></th>
 <td><input name="hostname" type="text" id="hostname" value="<?php echo attribute_escape($hostname) ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
 </tr>
 <tr valign="top">
-<th scope="row"><label for="username"><?php _e('Username:') ?></label></th>
+<th scope="row"><label for="username"><?php _e('Username') ?></label></th>
 <td><input name="username" type="text" id="username" value="<?php echo attribute_escape($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
 </tr>
 <tr valign="top">
-<th scope="row"><label for="password"><?php _e('Password:') ?></label></th>
+<th scope="row"><label for="password"><?php _e('Password') ?></label></th>
 <td><input name="password" type="password" id="password" value=""<?php if( defined('FTP_PASS') ) echo ' disabled="disabled"' ?> size="40" /><?php if( defined('FTP_PASS') && !empty($password) ) echo '<em>'.__('(Password not shown)').'</em>'; ?></td>
 </tr>
 <tr valign="top">
-<th scope="row"><label for="ssl"><?php _e('Use SSL:') ?></label></th>
+<th scope="row"><?php _e('Connection Type') ?></th>
 <td>
-<select name="ssl" id="ssl"<?php if( defined('FTP_SSL') ) echo ' disabled="disabled"' ?>>
-<?php
-foreach ( array(0 => __('No'), 1 => __('Yes')) as $key => $value ) :
-	$selected = ($ssl == $value) ? 'selected="selected"' : '';
-	echo "\n\t<option value='$key' $selected>" . $value . '</option>';
-endforeach;
-?>
-</select>
+<fieldset><legend class="hidden"><?php _e('Connection Type') ?> </legend>
+<p><label><input name="connection_type"  type="radio" value="ftp" <?php checked('ftp', $connection_type); ?>	/> <?php _e('FTP') ?></label><br />
+<label><input name="connection_type" type="radio" value="ftps" <?php checked('ftps', $connection_type); ?> /> <?php _e('FTPS (SSL)') ?></label><br />
+<label><input name="connection_type" type="radio" value="ssh" <?php checked('ssh', $connection_type); ?> /> <?php _e('SSH') ?></label></p>
+</fieldset>
 </td>
 </tr>
 </table>
diff --git a/wp-admin/update.php b/wp-admin/update.php
index 290bb79de..84f859282 100644
--- a/wp-admin/update.php
+++ b/wp-admin/update.php
@@ -27,7 +27,10 @@ function do_plugin_upgrade($plugin) {
 		return;
 
 	if ( ! WP_Filesystem($credentials) ) {
-		request_filesystem_credentials($url, '', true); //Failed to connect, Error and request again
+		$error = true;
+		if ( is_object($wp_filesystem) && $wp_filesystem->errors->get_error_code() )
+			$error = $wp_filesystem->errors;
+		request_filesystem_credentials($url, '', $error); //Failed to connect, Error and request again
 		return;
 	}
 
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index b6cfba8d3..ffbfc620f 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -634,17 +634,6 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
 	do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
 	do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
 
-	global $is_safari;
-	// No HTTPOnly for Safari
-	if ( $is_safari ) {
-		setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure);
-		setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure);
-		setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
-		if ( COOKIEPATH != SITECOOKIEPATH )
-			setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
-		return;
-	}
-
 	// Set httponly if the php version is >= 5.2.0
 	if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
 		setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
@@ -653,11 +642,14 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
 		if ( COOKIEPATH != SITECOOKIEPATH )
 			setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
 	} else {
-		setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN . '; HttpOnly', $secure);
-		setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN . '; HttpOnly', $secure);
-		setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN . '; HttpOnly');
+		$cookie_domain = COOKIE_DOMAIN;
+		if ( !empty($cookie_domain) )
+			$cookie_domain .= '; HttpOnly';
+		setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
+		setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
+		setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain);
 		if ( COOKIEPATH != SITECOOKIEPATH )
-			setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN . '; HttpOnly');	
+			setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain);	
 	}
 }
 endif;

		size="40" />
		size="40" />
		size="40" />'.__('(Password not shown)').''; ?>
		- + + /> + /> + /> +