Simplify cookie option code and set security flags httponly and samesite=Lax.

Include compatibility code for pre-7.3 PHP versions.
This commit is contained in:
Hanno Böck 2020-04-24 20:13:10 +02:00 committed by onli
parent e60dd8dd2d
commit 507ede701a


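@@ -10,9 +10,13 @@ if (defined('S9Y_FRAMEWORK')) {
 if (!headers_sent() && php_sapi_name() !== 'cli') {
 // Only set the session name, if no session has yet been issued.
 if (session_id() == '') {
-$cookieParams = session_get_cookie_params();
-$cookieParams['secure'] = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? true : false);
-session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $cookieParams['secure'], $cookieParams['httponly']);
+$secure = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on');
+if (PHP_VERSION_ID >= 70300) {
+session_set_cookie_params(array("secure"=>$secure, "httponly"=>true, "samesite"=>"Lax"));
+} else {
+// Support for PHP before 7.3, can be removed at some point
+session_set_cookie_params(0, '/', '', $secure, true);
+}
 session_name('s9y_' . md5(dirname(__FILE__)));
 session_start();
 }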
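Review bot: The pre-7.3 fallback `session_set_cookie_params(0, '/', '', $secure, true);` silently discards any `session.cookie_lifetime`, `session.cookie_path` and `session.cookie_domain` an admin configured in php.ini, whereas the removed code passed those through from `session_get_cookie_params()` and the 7.3+ array form only overrides the keys it is given, so the two branches now behave differently on the same configuration. Keep the old lookup in the fallback: `$cookieParams = session_get_cookie_params();` followed by `session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, true);`. The `$secure` detection also keeps the narrow `== 'on'` test: PHP only promises `$_SERVER['HTTPS']` is "non-empty" over TLS (IIS reports `off` for plain HTTP), so a deployment that sets it to `1` gets a session cookie without the Secure flag; `$secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';` covers both, and setups behind a TLS-terminating proxy still need their own handling. The enclosing `if (defined('S9Y_FRAMEWORK'))` block begins above this hunk.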