gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-12 04:31:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

turn off http only cookies if large file upload is enabled (Bug #132)

Browse Source
This commit is contained in:
Uwe Steinmann 2014-03-13 12:51:48 +01:00
parent 2aa129772b
commit 52e24892f6
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
inc/inc.Authentication.php
View File

@ -97,6 +97,7 @@ if (!$user->isAdmin()) {
/* Update cookie lifetime */ /* Update cookie lifetime */
if($settings->_cookieLifetime) { if($settings->_cookieLifetime) {
$lifetime = time() + intval($settings->_cookieLifetime); $lifetime = time() + intval($settings->_cookieLifetime);
setcookie("mydms_session", $dms_session, $lifetime, $settings->_httpRoot, null, null, true); /* Turn off http only cookies if jumploader is enabled */
setcookie("mydms_session", $dms_session, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload);
} }
?> ?>

5
op/op.Login.php
View File

@ -245,7 +245,8 @@ if (isset($_COOKIE["mydms_session"])) {
/* Load session */ /* Load session */
$dms_session = $_COOKIE["mydms_session"]; $dms_session = $_COOKIE["mydms_session"];
if(!$resArr = $session->load($dms_session)) { if(!$resArr = $session->load($dms_session)) {
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, null, true); //delete cookie /* Turn off http only cookies if jumploader is enabled */
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload); //delete cookie
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer); header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit; exit;
} else { } else {
@ -263,7 +264,7 @@ if (isset($_COOKIE["mydms_session"])) {
$lifetime = time() + intval($settings->_cookieLifetime); $lifetime = time() + intval($settings->_cookieLifetime);
else else
$lifetime = 0; $lifetime = 0;
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, true); setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload);
} }
// TODO: by the PHP manual: The superglobals $_GET and $_REQUEST are already decoded. // TODO: by the PHP manual: The superglobals $_GET and $_REQUEST are already decoded.