* true: Force setting the secure attribute when setting the cookie
* false: Force NOT setting the secure attribute when setting the cookie
* null (default): Use the default ($wgCookieSecure) to set the secure attribute
+ * @param array $params Array of options sent passed to WebResponse::setcookie()
*/
- protected function setCookie( $name, $value, $exp = 0, $secure = null ) {
- $this->getRequest()->response()->setcookie( $name, $value, $exp, array(
- 'secure' => $secure,
- ) );
+ protected function setCookie( $name, $value, $exp = 0, $secure = null, $params = array() ) {
+ $params['secure'] = $secure;
+ $this->getRequest()->response()->setcookie( $name, $value, $exp, $params );
}
/**
* Clear a cookie on the user's client
* @param string $name Name of the cookie to clear
+ * @param bool $secure
+ * true: Force setting the secure attribute when setting the cookie
+ * false: Force NOT setting the secure attribute when setting the cookie
+ * null (default): Use the default ($wgCookieSecure) to set the secure attribute
+ * @param array $params Array of options sent passed to WebResponse::setcookie()
*/
- protected function clearCookie( $name ) {
- $this->setCookie( $name, '', time() - 86400 );
+ protected function clearCookie( $name, $secure = null, $params = array() ) {
+ $this->setCookie( $name, '', time() - 86400, $secure, $params );
}
/**
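Review bot: `$params['secure'] = $secure;` in setCookie() unconditionally overwrites any 'secure' key the caller placed in `$params`. A caller that passes `array( 'secure' => true )` and leaves `$secure` at its null default therefore gets the $wgCookieSecure default, not a forced secure attribute. Either say so in the new doc line, e.g. `@param array $params Array of options passed to WebResponse::setcookie(); a 'secure' key is ignored, use $secure`, or assign the key only when the caller did not supply one. The same `@param array $params` wording is added to clearCookie(), and both lines read "sent passed", which should be just "passed".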
/**
* If wpStickHTTPS was selected, also set an insecure cookie that
* will cause the site to redirect the user to HTTPS, if they access
- * it over HTTP. Bug 29898.
+ * it over HTTP. Bug 29898. Use an un-prefixed cookie, so it's the same
+ * as the one set by centralauth (bug 53538). Also set it to session, or
+ * standard time setting, based on if rememberme was set.
*/
if ( $request->getCheck( 'wpStickHTTPS' ) || $this->requiresHTTPS() ) {
- $this->setCookie( 'forceHTTPS', 'true', time() + 2592000, false ); //30 days
+ $time = null;
+ if ( ( 1 == $this->getOption( 'rememberpassword' ) ) ) {
+ $time = 0; // set to $wgCookieExpiration
+ }
+ $this->setCookie(
+ 'forceHTTPS',
+ 'true',
+ $time,
+ false,
+ array( 'prefix' => '' ) // no prefix
+ );
}
}
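Review bot: Only the `$time = 0` branch is commented, so the meaning of `$time = null` (presumably a session cookie, going by the updated docblock) has to be inferred. A comment such as `// null: session cookie, gone when the browser closes` on that line would make the change from the old fixed 30 days explicit. Because forceHTTPS is sent with `$secure = false` and an empty prefix, it can be set, overwritten or dropped over plain HTTP, so the docblock should describe it as a redirect hint and not as a guarantee that later requests use HTTPS. The condition `( ( 1 == $this->getOption( 'rememberpassword' ) ) )` has a redundant pair of parentheses and a loose comparison; if the loose match against the stored option value is intended, a short comment should say so. The enclosing function starts and ends outside this hunk.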
$this->clearCookie( 'UserID' );
$this->clearCookie( 'Token' );
- $this->clearCookie( 'forceHTTPS' );
+ $this->clearCookie( 'forceHTTPS', false, array( 'prefix' => '' ) );
// Remember when user logged out, to prevent seeing cached pages
$this->setCookie( 'LoggedOut', time(), time() + 86400 );
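Review bot: The new `clearCookie( 'forceHTTPS', false, array( 'prefix' => '' ) )` call only works because its arguments repeat the ones used where the cookie is set, and nothing at this line says so. A comment such as `// Must mirror the attributes used when forceHTTPS is set (not secure, no prefix)` would keep the two call sites from drifting apart. The cookie is described elsewhere in the diff as shared with centralauth, so it is worth confirming that the extension sets it with the same domain and path; if it does not, this clear would presumably leave that copy in place after logout. The enclosing function starts outside this hunk.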
} elseif ( $type === true ) {
$message = 'confirmemail_body_changed';
} else {
- // Give grep a chance to find the usages:
- // confirmemail_body_changed, confirmemail_body_set
+ // Messages: confirmemail_body_changed, confirmemail_body_set
$message = 'confirmemail_body_' . $type;
}