Improve security of PHP session variable by setting HttpOnly flag. Fixes #129.
This commit is contained in:
parent
855079b438
commit
d17925a662
3 changed files with 5 additions and 4 deletions
|
@ -32,6 +32,7 @@
|
||||||
- Improved the search engine indexing algorithm. It now shouldn't choke on certain special characters (`[]{}|`) and will treat them as word boundaries.
|
- Improved the search engine indexing algorithm. It now shouldn't choke on certain special characters (`[]{}|`) and will treat them as word boundaries.
|
||||||
- Fixed tag links at the bottom of pages for tags with a single quote (`'`) in them.
|
- Fixed tag links at the bottom of pages for tags with a single quote (`'`) in them.
|
||||||
- Correct error message when attempting to move a page
|
- Correct error message when attempting to move a page
|
||||||
|
- Improved security of PHP session cookie by setting HttpOnly flag.
|
||||||
|
|
||||||
## v0.12.1
|
## v0.12.1
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ $guiConfig = <<<'GUICONFIG'
|
||||||
}},
|
}},
|
||||||
"admins": {"type": "array", "description": "An array of usernames that are administrators. Administrators can delete and move pages.", "default": [ "admin" ]},
|
"admins": {"type": "array", "description": "An array of usernames that are administrators. Administrators can delete and move pages.", "default": [ "admin" ]},
|
||||||
"anonymous_user_name": { "type": "text", "description": "The default name for anonymous users.", "default": "Anonymous" },
|
"anonymous_user_name": { "type": "text", "description": "The default name for anonymous users.", "default": "Anonymous" },
|
||||||
"user_preferences_button_text": { "type": "text", "description": "The text to display on the button that lets logged in users chang their settings. Defaults to a cog (aka a 'gear' in unicode-land).", "default": "⚙" },
|
"user_preferences_button_text": { "type": "text", "description": "The text to display on the button that lets logged in users chang their settings. Defaults to a cog (aka a 'gear' in unicode-land).", "default": "⚙ " },
|
||||||
"use_sha3": {"type": "checkbox", "description": "Whether to use the new sha3 hashing algorithm for passwords etc.", "default": false },
|
"use_sha3": {"type": "checkbox", "description": "Whether to use the new sha3 hashing algorithm for passwords etc.", "default": false },
|
||||||
"require_login_view": {"type": "checkbox", "description": "Whether to require that users login before they do anything else. Best used with the data_storage_dir option.", "default": false},
|
"require_login_view": {"type": "checkbox", "description": "Whether to require that users login before they do anything else. Best used with the data_storage_dir option.", "default": false},
|
||||||
"data_storage_dir": {"type": "text", "description": "The directory in which to store all files, except the main index.php.", "default": "."},
|
"data_storage_dir": {"type": "text", "description": "The directory in which to store all files, except the main index.php.", "default": "."},
|
||||||
|
@ -357,7 +357,7 @@ $paths->upload_file_prefix = "Files/"; // The prefix to add to uploaded files
|
||||||
|
|
||||||
session_start();
|
session_start();
|
||||||
// Make sure that the login cookie lasts beyond the end of the user's session
|
// Make sure that the login cookie lasts beyond the end of the user's session
|
||||||
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime);
|
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime, "", "", false, true);
|
||||||
///////// Login System /////////
|
///////// Login System /////////
|
||||||
// Clear expired sessions
|
// Clear expired sessions
|
||||||
if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
||||||
|
@ -1377,7 +1377,7 @@ class page_renderer
|
||||||
{
|
{
|
||||||
$result .= "<span class='inflexible logged-in" . ($env->is_logged_in ? " moderator" : " normal-user") . "'>";
|
$result .= "<span class='inflexible logged-in" . ($env->is_logged_in ? " moderator" : " normal-user") . "'>";
|
||||||
if(module_exists("feature-user-preferences")) {
|
if(module_exists("feature-user-preferences")) {
|
||||||
$result .= "<a href='?action=user-preferences'>$settings->user_preferences_button_text</a> ";
|
$result .= "<a href='?action=user-preferences'>$settings->user_preferences_button_text</a>";
|
||||||
}
|
}
|
||||||
$result .= self::render_username($env->user) . " <small>(<a href='index.php?action=logout'>Logout</a>)</small>";
|
$result .= self::render_username($env->user) . " <small>(<a href='index.php?action=logout'>Logout</a>)</small>";
|
||||||
$result .= "</span>";
|
$result .= "</span>";
|
||||||
|
|
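Review bot: The `secure` argument is hard-coded to `false` in the new setcookie() call, so on a wiki served over HTTPS the re-issued session id cookie is still sent by the browser on any plain-HTTP request to the same host; deriving it from the request, `$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';`, and passing `$secure` in place of `false` keeps the cookie HTTPS-only where it can be. Note also that session_start() on the line above already emits its own Set-Cookie for session_name() using the php.ini `session.cookie_*` defaults, so HttpOnly only takes effect because this later header overrides the earlier one; calling session_set_cookie_params() with the same lifetime, secure and httponly values before session_start() (or setting `session.cookie_httponly`) would make both headers agree. The identical line is changed in the core.php section (@ -39), which appears to be the source this index.php hunk was built from, so the same adjustment applies there.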
2
core.php
2
core.php
|
@ -39,7 +39,7 @@ $paths->upload_file_prefix = "Files/"; // The prefix to add to uploaded files
|
||||||
|
|
||||||
session_start();
|
session_start();
|
||||||
// Make sure that the login cookie lasts beyond the end of the user's session
|
// Make sure that the login cookie lasts beyond the end of the user's session
|
||||||
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime);
|
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime, "", "", false, true);
|
||||||
///////// Login System /////////
|
///////// Login System /////////
|
||||||
// Clear expired sessions
|
// Clear expired sessions
|
||||||
if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
||||||
|
|