Add blog_id to the wp-settings-* cookie (used for storing user stat…

…e) to prevent it being overloaded on sub-domain sites. Fixes #29095. Built from https://develop.svn.wordpress.org/trunk@29362 git-svn-id: http://core.svn.wordpress.org/trunk@29138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
going1000 · Aug 2, 2014 · 9662554 · 9662554
1 parent 28170e0
commit 9662554
Show file tree

Hide file tree

Showing 4 changed files with 131 additions and 74 deletions.
diff --git a/wp-includes/js/utils.js b/wp-includes/js/utils.js
@@ -3,25 +3,27 @@
 // utility functions
 
 var wpCookies = {
-// The following functions are from Cookie.js class in TinyMCE, Moxiecode, used under LGPL.
+// The following functions are from Cookie.js class in TinyMCE 3, Moxiecode, used under LGPL.
 
-	each : function(obj, cb, scope) {
+	each: function( obj, cb, scope ) {
 		var n, l;
 
-		if ( !obj )
+		if ( ! obj ) {
 			return 0;
+		}
 
 		scope = scope || obj;
 
-		if ( typeof(obj.length) != 'undefined' ) {
+		if ( typeof( obj.length ) !== 'undefined' ) {
 			for ( n = 0, l = obj.length; n < l; n++ ) {
-				if ( cb.call(scope, obj[n], n, obj) === false )
+				if ( cb.call( scope, obj[n], n, obj ) === false ) {
 					return 0;
+				}
 			}
 		} else {
 			for ( n in obj ) {
 				if ( obj.hasOwnProperty(n) ) {
-					if ( cb.call(scope, obj[n], n, obj) === false ) {
+					if ( cb.call( scope, obj[n], n, obj ) === false ) {
 						return 0;
 					}
 				}
@@ -34,63 +36,66 @@ var wpCookies = {
 	 * Get a multi-values cookie.
 	 * Returns a JS object with the name: 'value' pairs.
 	 */
-	getHash : function(name) {
-		var all = this.get(name), ret;
+	getHash: function( name ) {
+		var cookie = this.get( name ), values;
 
-		if ( all ) {
-			this.each( all.split('&'), function(pair) {
+		if ( cookie ) {
+			this.each( cookie.split('&'), function( pair ) {
 				pair = pair.split('=');
-				ret = ret || {};
-				ret[pair[0]] = pair[1];
+				values = values || {};
+				values[pair[0]] = pair[1];
 			});
 		}
-		return ret;
+
+		return values;
 	},
 
 	/**
 	 * Set a multi-values cookie.
 	 *
 	 * 'values_obj' is the JS object that is stored. It is encoded as URI in wpCookies.set().
 	 */
-	setHash : function(name, values_obj, expires, path, domain, secure) {
+	setHash: function( name, values_obj, expires, path, domain, secure ) {
 		var str = '';
 
-		this.each(values_obj, function(val, key) {
-			str += (!str ? '' : '&') + key + '=' + val;
+		this.each( values_obj, function( val, key ) {
+			str += ( ! str ? '' : '&' ) + key + '=' + val;
 		});
 
-		this.set(name, str, expires, path, domain, secure);
+		this.set( name, str, expires, path, domain, secure );
 	},
 
 	/**
 	 * Get a cookie.
 	 */
-	get : function(name) {
+	get: function( name ) {
 		var e, b,
 			cookie = document.cookie,
 			p = name + '=';
 
-		if ( !cookie )
+		if ( ! cookie ) {
 			return;
+		}
 
-		b = cookie.indexOf('; ' + p);
+		b = cookie.indexOf( '; ' + p );
 
-		if ( b == -1 ) {
+		if ( b === -1 ) {
 			b = cookie.indexOf(p);
 
-			if ( b !== 0 )
+			if ( b !== 0 ) {
 				return null;
-
+			}
 		} else {
 			b += 2;
 		}
 
 		e = cookie.indexOf( ';', b );
 
-		if ( e == -1 )
+		if ( e === -1 ) {
 			e = cookie.length;
+		}
 
-		return decodeURIComponent( cookie.substring(b + p.length, e) );
+		return decodeURIComponent( cookie.substring( b + p.length, e ) );
 	},
 
 	/**
@@ -99,13 +104,13 @@ var wpCookies = {
 	 * The 'expires' arg can be either a JS Date() object set to the expiration date (back-compat)
 	 * or the number of seconds until expiration
 	 */
-	set : function(name, value, expires, path, domain, secure) {
+	set: function( name, value, expires, path, domain, secure ) {
 		var d = new Date();
 
-		if ( typeof(expires) == 'object' && expires.toGMTString ) {
+		if ( typeof( expires ) === 'object' && expires.toGMTString ) {
 			expires = expires.toGMTString();
-		} else if ( parseInt(expires, 10) ) {
-			d.setTime( d.getTime() + ( parseInt(expires, 10) * 1000 ) ); // time must be in miliseconds
+		} else if ( parseInt( expires, 10 ) ) {
+			d.setTime( d.getTime() + ( parseInt( expires, 10 ) * 1000 ) ); // time must be in miliseconds
 			expires = d.toGMTString();
 		} else {
 			expires = '';
@@ -123,41 +128,68 @@ var wpCookies = {
 	 *
 	 * This is done by setting it to an empty value and setting the expiration time in the past.
 	 */
-	remove : function(name, path) {
-		this.set(name, '', -1000, path);
+	remove: function( name, path ) {
+		this.set( name, '', -1000, path );
 	}
 };
 
 // Returns the value as string. Second arg or empty string is returned when value is not set.
 function getUserSetting( name, def ) {
-	var obj = getAllUserSettings();
+	var settings = getAllUserSettings();
 
-	if ( obj.hasOwnProperty(name) )
-		return obj[name];
+	if ( settings.hasOwnProperty( name ) ) {
+		return settings[name];
+	}
 
-	if ( typeof def != 'undefined' )
+	if ( typeof def !== 'undefined' ) {
 		return def;
+	}
 
 	return '';
 }
 
 // Both name and value must be only ASCII letters, numbers or underscore
 // and the shorter, the better (cookies can store maximum 4KB). Not suitable to store text.
+// The value is converted and stored as string.
 function setUserSetting( name, value, _del ) {
-	if ( 'object' !== typeof userSettings )
+	if ( 'object' !== typeof userSettings ) {
 		return false;
+	}
+
+	var uid = userSettings.uid,
+		oldUid = uid.lastIndexOf('-') > 0 ? uid.substring( 0, uid.lastIndexOf('-') ) : 0,
+		settings = wpCookies.getHash( 'wp-settings-' + uid ),
+		path = userSettings.url;
 
-	var cookie = 'wp-settings-' + userSettings.uid, all = wpCookies.getHash(cookie) || {}, path = userSettings.url,
-	n = name.toString().replace(/[^A-Za-z0-9_]/, ''), v = value.toString().replace(/[^A-Za-z0-9_]/, '');
+	name = name.toString().replace( /[^A-Za-z0-9_]/, '' );
+
+	if ( typeof value === 'number' ) {
+		value = parseInt( value, 10 );
+	} else {
+		value = value.toString().replace( /[^A-Za-z0-9_]/, '' );
+	}
+
+	if ( oldUid ) {
+		if ( ! settings ) {
+			settings = wpCookies.getHash( 'wp-settings-' + oldUid );
+		}
+		// Delete old cookies
+		if ( wpCookies.get( 'wp-settings-time-' + oldUid ) ) {
+			wpCookies.remove( 'wp-settings-' + oldUid, path );
+			wpCookies.remove( 'wp-settings-time-' + oldUid, path );
+		}
+	}
+
+	settings = settings || {};
 
 	if ( _del ) {
-		delete all[n];
+		delete settings[name];
 	} else {
-		all[n] = v;
+		settings[name] = value;
 	}
 
-	wpCookies.setHash(cookie, all, 31536000, path);
-	wpCookies.set('wp-settings-time-'+userSettings.uid, userSettings.time, 31536000, path);
+	wpCookies.setHash( 'wp-settings-' + uid, settings, 31536000, path );
+	wpCookies.set( 'wp-settings-time-' + uid, userSettings.time, 31536000, path );
 
 	return name;
 }
@@ -168,8 +200,18 @@ function deleteUserSetting( name ) {
 
 // Returns all settings as js object.
 function getAllUserSettings() {
-	if ( 'object' !== typeof userSettings )
+	if ( 'object' !== typeof userSettings ) {
 		return {};
+	}
+
+	var uid = userSettings.uid,
+		settings = wpCookies.getHash( 'wp-settings-' + uid );
+
+	// Try the old format cookie
+	if ( ! settings && uid.lastIndexOf('-') > 0 ) {
+		uid = uid.substring( 0, uid.lastIndexOf('-') );
+		settings = wpCookies.getHash( 'wp-settings-' + uid );
+	}
 
-	return wpCookies.getHash('wp-settings-' + userSettings.uid) || {};
+	return settings || {};
 }
diff --git a/wp-includes/js/utils.min.js b/wp-includes/js/utils.min.js