mark cookies HTTP only
parent
b38bc8bc8a
commit
36f054b84e
|
@ -662,7 +662,7 @@ class lamList {
|
||||||
$cookieValue .= $this->configOptions[$i]->getID() . "=" . $this->configOptions[$i]->getValue() . ';';
|
$cookieValue .= $this->configOptions[$i]->getID() . "=" . $this->configOptions[$i]->getValue() . ';';
|
||||||
}
|
}
|
||||||
// save options as cookie for one year
|
// save options as cookie for one year
|
||||||
setcookie("ListOptions_" . $this->type, $cookieValue, time()+60*60*24*365, "/");
|
setcookie("ListOptions_" . $this->type, $cookieValue, time()+60*60*24*365, "/", null, null, true);
|
||||||
// notify subclasses
|
// notify subclasses
|
||||||
$this->listConfigurationChanged();
|
$this->listConfigurationChanged();
|
||||||
}
|
}
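Review bot: The `secure` argument is passed as `null` in the new `setcookie("ListOptions_" . $this->type, ...)` call, so the cookie becomes HttpOnly but is still sent over plain HTTP. Every other `setcookie(..., null, null, true)` in this commit has the same gap, and it matters most for the `Key` and `IV` cookies, which the surrounding comments and the `mcrypt_create_iv` call suggest hold key material. Consider deriving the flag from the request, e.g. `$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';`, and passing `$secure` as the sixth argument. The enclosing method of `lamList` starts outside the hunk.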
|
||||||
|
|
|
@ -157,8 +157,8 @@ function logoffAndBackToLoginPage() {
|
||||||
}
|
}
|
||||||
// delete key and iv in cookie
|
// delete key and iv in cookie
|
||||||
if (function_exists('mcrypt_create_iv')) {
|
if (function_exists('mcrypt_create_iv')) {
|
||||||
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
|
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/", null, null, true);
|
||||||
setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
|
setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/", null, null, true);
|
||||||
}
|
}
|
||||||
// link back to login page
|
// link back to login page
|
||||||
$paths = array('./', '../', '../../', '../../../', '../../../../');
|
$paths = array('./', '../', '../../', '../../../', '../../../../');
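Review bot: The two changed `setcookie` calls under `// delete key and iv in cookie` overwrite `Key` and `IV` with a filler string and expiry `0`, so both cookies stay in the browser until it is closed instead of being deleted. Expiring them would match the comment: `setcookie("Key", "", time() - 3600, "/", null, null, true);` and the same for `IV`. The identical pair in the later hunk starting at `@ -31,8 +31,8` has the same behaviour. `logoffAndBackToLoginPage()` starts and continues outside the hunk.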
|
||||||
|
|
|
@ -39,6 +39,7 @@ include_once('../../lib/status.inc');
|
||||||
if (strtolower(session_module_name()) == 'files') {
|
if (strtolower(session_module_name()) == 'files') {
|
||||||
session_save_path(dirname(__FILE__) . '/../../sess');
|
session_save_path(dirname(__FILE__) . '/../../sess');
|
||||||
}
|
}
|
||||||
|
session_set_cookie_params(0, '/', null, null, true);
|
||||||
session_start();
|
session_start();
|
||||||
session_regenerate_id(true);
|
session_regenerate_id(true);
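Review bot: `session_set_cookie_params(0, '/', null, null, true)` passes all five parameters, not only HttpOnly. On PHP versions that coerce `null` for these arguments, it is therefore likely to overwrite `session.cookie_lifetime`, `session.cookie_path`, `session.cookie_domain` and `session.cookie_secure` values that an administrator set in php.ini. To change only the one attribute, call `ini_set('session.cookie_httponly', '1');` before `session_start()`, or feed the values from `session_get_cookie_params()` back in with only the last argument changed. The same call is added in the two later hunks that precede `session_start()`.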
|
||||||
|
|
||||||
|
|
|
@ -39,6 +39,7 @@ include_once('../../lib/status.inc');
|
||||||
if (strtolower(session_module_name()) == 'files') {
|
if (strtolower(session_module_name()) == 'files') {
|
||||||
session_save_path(dirname(__FILE__) . '/../../sess');
|
session_save_path(dirname(__FILE__) . '/../../sess');
|
||||||
}
|
}
|
||||||
|
session_set_cookie_params(0, '/', null, null, true);
|
||||||
session_start();
|
session_start();
|
||||||
session_regenerate_id(true);
|
session_regenerate_id(true);
|
||||||
|
|
||||||
|
|
|
@ -54,6 +54,7 @@ if (strtolower(session_module_name()) == 'files') {
|
||||||
// start empty session and change ID for security reasons
|
// start empty session and change ID for security reasons
|
||||||
session_start();
|
session_start();
|
||||||
session_destroy();
|
session_destroy();
|
||||||
|
session_set_cookie_params(0, '/', null, null, true);
|
||||||
session_start();
|
session_start();
|
||||||
session_regenerate_id(true);
|
session_regenerate_id(true);
|
||||||
|
|
||||||
|
@ -62,7 +63,7 @@ $profiles = getConfigProfiles();
|
||||||
// save last selected login profile
|
// save last selected login profile
|
||||||
if (isset($_GET['useProfile'])) {
|
if (isset($_GET['useProfile'])) {
|
||||||
if (in_array($_GET['useProfile'], $profiles)) {
|
if (in_array($_GET['useProfile'], $profiles)) {
|
||||||
setcookie("lam_default_profile", $_GET['useProfile'], time() + 365*60*60*24);
|
setcookie("lam_default_profile", $_GET['useProfile'], time() + 365*60*60*24, '/', null, null, true);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
unset($_GET['useProfile']);
|
unset($_GET['useProfile']);
|
||||||
|
@ -71,7 +72,7 @@ if (isset($_GET['useProfile'])) {
|
||||||
|
|
||||||
// save last selected language
|
// save last selected language
|
||||||
if (isset($_POST['language'])) {
|
if (isset($_POST['language'])) {
|
||||||
setcookie('lam_last_language', htmlspecialchars($_POST['language']), time() + 365*60*60*24);
|
setcookie('lam_last_language', htmlspecialchars($_POST['language']), time() + 365*60*60*24, '/', null, null, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
// init some session variables
|
// init some session variables
|
||||||
|
@ -166,8 +167,8 @@ function display_LoginPage($config_object, $cfgMain) {
|
||||||
$iv = mcrypt_create_iv(32, MCRYPT_RAND);
|
$iv = mcrypt_create_iv(32, MCRYPT_RAND);
|
||||||
}
|
}
|
||||||
// save both in cookie
|
// save both in cookie
|
||||||
setcookie("Key", base64_encode($key), 0, "/");
|
setcookie("Key", base64_encode($key), 0, "/", null, null, true);
|
||||||
setcookie("IV", base64_encode($iv), 0, "/");
|
setcookie("IV", base64_encode($iv), 0, "/", null, null, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
$profiles = getConfigProfiles();
|
$profiles = getConfigProfiles();
|
||||||
|
@ -536,10 +537,10 @@ if(!empty($_POST['checklogin'])) {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (isset($_POST['rememberLogin']) && ($_POST['rememberLogin'] == 'on')) {
|
if (isset($_POST['rememberLogin']) && ($_POST['rememberLogin'] == 'on')) {
|
||||||
setcookie('lam_login_name', $_POST['username'], time() + 60*60*24*365);
|
setcookie('lam_login_name', $_POST['username'], time() + 60*60*24*365, '/', null, null, true);
|
||||||
}
|
}
|
||||||
else if (isset($_COOKIE['lam_login_name']) && ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH)) {
|
else if (isset($_COOKIE['lam_login_name']) && ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH)) {
|
||||||
setcookie('lam_login_name', '', time() + 60*60*24*365);
|
setcookie('lam_login_name', '', time() + 60*60*24*365, '/', null, null, true);
|
||||||
}
|
}
|
||||||
if($_POST['passwd'] == "") {
|
if($_POST['passwd'] == "") {
|
||||||
logNewMessage(LOG_DEBUG, "Empty password for login");
|
logNewMessage(LOG_DEBUG, "Empty password for login");
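Review bot: The `lam_default_profile`, `lam_last_language` and `lam_login_name` calls previously had no path argument and now use `'/'`, so browsers that already hold these cookies under the old default path (the directory of the login page) keep them alongside the new ones. In particular, `setcookie('lam_login_name', '', ..., '/', null, null, true)` no longer clears a login name stored before the change, and `$_COOKIE` may keep returning the older, non-HttpOnly value for up to a year. Either keep the original path for these three cookies or also expire the old-path cookie during the transition. Separately, in the `@ -54,6 +54,7` hunk `session_set_cookie_params()` is added after the first `session_start()`; moving it above that call would keep any session cookie from being issued without HttpOnly.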
|
||||||
|
|
|
@ -31,8 +31,8 @@ $Id$
|
||||||
|
|
||||||
// delete key and iv in cookie
|
// delete key and iv in cookie
|
||||||
if (function_exists('mcrypt_create_iv')) {
|
if (function_exists('mcrypt_create_iv')) {
|
||||||
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
|
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/", null, null, true);
|
||||||
setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
|
setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/", null, null, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** security functions */
|
/** security functions */
|
||||||
|
|