Diffstat (limited to 'plugins/jetpack/modules/wordads/php/class-wordads-california-privacy.php')
-rw-r--r-- | plugins/jetpack/modules/wordads/php/class-wordads-california-privacy.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/plugins/jetpack/modules/wordads/php/class-wordads-california-privacy.php b/plugins/jetpack/modules/wordads/php/class-wordads-california-privacy.php
index b2e9135c..2cfa54a6 100644
--- a/plugins/jetpack/modules/wordads/php/class-wordads-california-privacy.php
+++ b/plugins/jetpack/modules/wordads/php/class-wordads-california-privacy.php
@@ -136,7 +136,7 @@ class WordAds_California_Privacy {
 $host = 'localhost';
 if ( isset( $_SERVER['HTTP_HOST'] ) ) {
- $host = $_SERVER['HTTP_HOST'];
+ $host = filter_var( wp_unslash( $_SERVER['HTTP_HOST'] ) );
 }
 return '.wordpress.com' === substr( $host, -strlen( '.wordpress.com' ) ) ? '.wordpress.com' : '.' . $host;
@@ -166,7 +166,7 @@ class WordAds_California_Privacy {
 * @return bool True if the cookie could be set.
 */
 private static function set_optout_cookie() {
- return setcookie( self::get_cookie_name(), self::get_optout_cookie_string(), time() + ( 5 * YEAR_IN_SECONDS ), '/', self::get_cookie_domain() );
+ return setcookie( self::get_cookie_name(), self::get_optout_cookie_string(), time() + ( 5 * YEAR_IN_SECONDS ), '/', self::get_cookie_domain(), is_ssl(), false ); // phpcs:ignore Jetpack.Functions.SetCookie -- Want this accessible.
 }
 /**
@@ -175,7 +175,7 @@ class WordAds_California_Privacy {
 * @return bool True if the cookie could be set.
 */
 private static function set_optin_cookie() {
- return setcookie( self::get_cookie_name(), self::get_optin_cookie_string(), time() + YEAR_IN_SECONDS, '/', self::get_cookie_domain() );
+ return setcookie( self::get_cookie_name(), self::get_optin_cookie_string(), time() + YEAR_IN_SECONDS, '/', self::get_cookie_domain(), is_ssl(), false ); // phpcs:ignore Jetpack.Functions.SetCookie -- Want this accessible.
 }
 /**
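Review bot: The new `filter_var( wp_unslash( $_SERVER['HTTP_HOST'] ) )` passes no filter argument, so it runs with `FILTER_DEFAULT` (`FILTER_UNSAFE_RAW`) and returns the client-supplied Host header unchanged. That satisfies the sniff but validates nothing before the value is used as the cookie domain on the `return` line. A filter that actually checks the value would be `filter_var( wp_unslash( $_SERVER['HTTP_HOST'] ), FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME )`, keeping the `'localhost'` default when it returns `false`. Any `:port` suffix would need stripping first, since a Host header may carry one and the hostname check would reject it. The enclosing function starts and ends outside this hunk, so whether callers validate the host elsewhere cannot be seen here.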
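Review bot: The `phpcs:ignore` justification `Want this accessible` on the new `setcookie()` call in `set_optout_cookie()` does not say what needs access or that HttpOnly is being turned off on purpose. The identical comment on `set_optin_cookie()` in the next hunk has the same gap. If the intent is that front-end script reads the consent state (presumably; not visible here), say so, e.g. `// phpcs:ignore Jetpack.Functions.SetCookie -- HttpOnly intentionally off: consent state is read by client-side script.` The positional form also sets no SameSite attribute, and the cookie is scoped to the whole parent domain. If the supported PHP floor allows it, the options-array form of `setcookie()` (PHP 7.3+) could add `'samesite' => 'Lax'` in both functions.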
@@ -184,7 +184,7 @@ class WordAds_California_Privacy {
 public static function handle_optout_request() {
 check_ajax_referer( 'ccpa_optout', 'security' );
- $optout = 'true' === $_POST['optout'];
+ $optout = isset( $_POST['optout'] ) && 'true' === $_POST['optout'];
 $optout ? self::set_optout_cookie() : self::set_optin_cookie();
 wp_send_json_success( $optout );
 |
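Review bot: With the added `isset()` guard, a request that omits `optout` or sends anything other than the string `'true'` now evaluates to `false` and falls through to `self::set_optin_cookie()`. A malformed request therefore overwrites an existing opt-out with an opt-in and still gets `wp_send_json_success`. For a privacy preference it is safer to reject input that is not exactly `'true'` or `'false'` before touching the cookie, e.g. `if ( ! isset( $_POST['optout'] ) || ! in_array( $_POST['optout'], array( 'true', 'false' ), true ) ) { wp_send_json_error( null, 400 ); }` placed after `check_ajax_referer()`. The closing brace of `handle_optout_request()` is outside the hunk.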