Improve security of PHP session variable by setting HttpOnly flag. Fixes #129.
This commit is contained in:
parent
855079b438
commit
d17925a662
3 changed files with 5 additions and 4 deletions
|
@ -32,6 +32,7 @@
|
|||
- Improved the search engine indexing algorithm. It now shouldn't choke on certain special characters (`[]{}|`) and will treat them as word boundaries.
|
||||
- Fixed tag links at the bottom of pages for tags with a single quote (`'`) in them.
|
||||
- Correct error message when attempting to move a page
|
||||
- Improved security of PHP session cookie by setting HttpOnly flag.
|
||||
|
||||
## v0.12.1
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ $guiConfig = <<<'GUICONFIG'
|
|||
}},
|
||||
"admins": {"type": "array", "description": "An array of usernames that are administrators. Administrators can delete and move pages.", "default": [ "admin" ]},
|
||||
"anonymous_user_name": { "type": "text", "description": "The default name for anonymous users.", "default": "Anonymous" },
|
||||
"user_preferences_button_text": { "type": "text", "description": "The text to display on the button that lets logged in users chang their settings. Defaults to a cog (aka a 'gear' in unicode-land).", "default": "⚙" },
|
||||
"user_preferences_button_text": { "type": "text", "description": "The text to display on the button that lets logged in users chang their settings. Defaults to a cog (aka a 'gear' in unicode-land).", "default": "⚙ " },
|
||||
"use_sha3": {"type": "checkbox", "description": "Whether to use the new sha3 hashing algorithm for passwords etc.", "default": false },
|
||||
"require_login_view": {"type": "checkbox", "description": "Whether to require that users login before they do anything else. Best used with the data_storage_dir option.", "default": false},
|
||||
"data_storage_dir": {"type": "text", "description": "The directory in which to store all files, except the main index.php.", "default": "."},
|
||||
|
@ -357,7 +357,7 @@ $paths->upload_file_prefix = "Files/"; // The prefix to add to uploaded files
|
|||
|
||||
session_start();
|
||||
// Make sure that the login cookie lasts beyond the end of the user's session
|
||||
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime);
|
||||
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime, "", "", false, true);
|
||||
///////// Login System /////////
|
||||
// Clear expired sessions
|
||||
if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
||||
|
@ -1377,7 +1377,7 @@ class page_renderer
|
|||
{
|
||||
$result .= "<span class='inflexible logged-in" . ($env->is_logged_in ? " moderator" : " normal-user") . "'>";
|
||||
if(module_exists("feature-user-preferences")) {
|
||||
$result .= "<a href='?action=user-preferences'>$settings->user_preferences_button_text</a> ";
|
||||
$result .= "<a href='?action=user-preferences'>$settings->user_preferences_button_text</a>";
|
||||
}
|
||||
$result .= self::render_username($env->user) . " <small>(<a href='index.php?action=logout'>Logout</a>)</small>";
|
||||
$result .= "</span>";
|
||||
|
|
2
core.php
2
core.php
|
@ -39,7 +39,7 @@ $paths->upload_file_prefix = "Files/"; // The prefix to add to uploaded files
|
|||
|
||||
session_start();
|
||||
// Make sure that the login cookie lasts beyond the end of the user's session
|
||||
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime);
|
||||
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime, "", "", false, true);
|
||||
///////// Login System /////////
|
||||
// Clear expired sessions
|
||||
if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
||||
|
|
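Review bot: The HttpOnly flag on the new `setcookie(...)` line only reaches the re-issued cookie; the cookie that `session_start()` itself emits for a fresh session is still governed by the `session.cookie_httponly` ini setting, which this hunk leaves untouched, and because the path argument is `""` (the current request directory) rather than `session.cookie_path`, the browser may end up holding both cookies side by side. Adding `ini_set('session.cookie_httponly', '1');` immediately before `session_start();` closes that gap for both. The `$secure` argument is also hard-coded to `false`, so where the wiki is served over TLS the cookie would still be sent on plain-http requests; `!empty($_SERVER['HTTPS'])` in that position (or a dedicated setting) would cover it. The same line appears in the first file's hunk at `@ -357,7 +357,7 @@` and needs the same treatment.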