From 8b45cb4496052b5536269de556136d198e2be358 Mon Sep 17 00:00:00 2001
From: Misha Tavkhelidze
Date: Thu, 4 Jun 2015 13:27:51 +0400
Subject: [PATCH 1/2] Add httponly flag to cookies.
---
 src/system/core/Input.php | 4 ++--
 src/system/core/Security.php | 4 ++--
 src/system/libraries/Session.php | 6 ++++--
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/system/core/Input.php b/src/system/core/Input.php
index 40305745..675c73a7 100644
--- a/src/system/core/Input.php
+++ b/src/system/core/Input.php
@@ -284,7 +284,7 @@ class CI_Input {
 $expire = ($expire > 0) ? time() + $expire : 0;
 }
- setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
+ setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, true
 }
 // --------------------------------------------------------------------
@@ -863,4 +863,4 @@ class CI_Input {
 }
 /* End of file Input.php */
-/* Location: ./system/core/Input.php */
\ No newline at end of file
+/* Location: ./system/core/Input.php */
diff --git a/src/system/core/Security.php b/src/system/core/Security.php
index 4c265d4d..f6cd0ead 100644
--- a/src/system/core/Security.php
+++ b/src/system/core/Security.php
@@ -190,7 +190,7 @@ class CI_Security {
 return FALSE;
 }
- setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
+ setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie, true);
 log_message('debug', "CRSF cookie Set");
@@ -872,4 +872,4 @@ class CI_Security {
 }
 /* End of file Security.php */
-/* Location: ./system/core/Security.php */
\ No newline at end of file
+/* Location: ./system/core/Security.php */
diff --git a/src/system/libraries/Session.php b/src/system/libraries/Session.php
index 2bf879e6..d87324a4 100644
--- a/src/system/libraries/Session.php
+++ b/src/system/libraries/Session.php
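Review bot: In the `@@ -284` hunk of src/system/core/Input.php as carried by PATCH 1/2, the added `setcookie(` call stops at `$secure, true` with no closing `);`, so that revision of Input.php would not parse. PATCH 2/2 has the complete line `setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, true);` and a different blob id for the file, which suggests the first patch really is broken rather than mis-rendered; squashing the two would avoid a revision with an unparsable core file. In both patches the HttpOnly argument is a literal `true`, so every cookie set through this method is hidden from client-side script with no opt-out for callers that set a cookie their JavaScript reads; an optional trailing parameter or a config value defaulting to on would keep the hardening without breaking them. The enclosing method starts and ends outside the hunk.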
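Review bot: The literal `true` added as the last `setcookie()` argument in the `@@ -190` hunk of src/system/core/Security.php makes the CSRF cookie unreadable from script, and any front end that copies the token from that cookie into an AJAX request will start failing CSRF validation. HttpOnly presumably adds little for this particular cookie, since the token is normally also rendered into the page's forms, so the flag is better taken from configuration, for example `(bool) config_item('cookie_httponly')` next to the existing `config_item('cookie_path')` call; that key is not visible on this page (later CodeIgniter releases use that name) and would have to be added with a documented default. The surrounding code writes constants in upper case (`return FALSE;`), so `TRUE` matches the file. The identical hunk in PATCH 2/2 has the same issue, and the method body continues outside the hunk.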
@@ -429,7 +429,8 @@ class CI_Session {
 ($this->now - 31500000),
 $this->cookie_path,
 $this->cookie_domain,
- 0
+ 0,
+ true
 );
 // Kill session data
@@ -685,7 +686,8 @@ class CI_Session {
 $expire,
 $this->cookie_path,
 $this->cookie_domain,
- $this->cookie_secure
+ $this->cookie_secure,
+ true
 );
 }
From e3273582213849e46e6ff5296be1f169bd96399d Mon Sep 17 00:00:00 2001
From: Misha Tavkhelidze
Date: Thu, 4 Jun 2015 13:27:51 +0400
Subject: [PATCH 2/2] Add httponly flag to cookies.
---
 src/system/core/Input.php | 4 ++--
 src/system/core/Security.php | 4 ++--
 src/system/libraries/Session.php | 6 ++++--
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/system/core/Input.php b/src/system/core/Input.php
index 40305745..86968db1 100644
--- a/src/system/core/Input.php
+++ b/src/system/core/Input.php
@@ -284,7 +284,7 @@ class CI_Input {
 $expire = ($expire > 0) ? time() + $expire : 0;
 }
- setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
+ setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, true);
 }
 // --------------------------------------------------------------------
@@ -863,4 +863,4 @@ class CI_Input {
 }
 /* End of file Input.php */
-/* Location: ./system/core/Input.php */
\ No newline at end of file
+/* Location: ./system/core/Input.php */
diff --git a/src/system/core/Security.php b/src/system/core/Security.php
index 4c265d4d..f6cd0ead 100644
--- a/src/system/core/Security.php
+++ b/src/system/core/Security.php
@@ -190,7 +190,7 @@ class CI_Security {
 return FALSE;
 }
- setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
+ setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie, true);
 log_message('debug', "CRSF cookie Set");
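Review bot: The session cookie in the `@@ -685` hunk of src/system/libraries/Session.php gets a hard-coded `true` for HttpOnly right after the configurable `$this->cookie_secure`, so the two flags are no longer handled the same way; a property such as `$this->cookie_httponly` defaulting to `TRUE` would keep them parallel while leaving the secure default in place. In the `@@ -429` hunk the expiring cookie now passes `0,` followed by `true`, an int and a lower-case bool for two boolean parameters; `FALSE,` and `TRUE` would read more consistently, upper-case constants being what the Security.php context lines use. A comment at the `@@ -685` call such as `// HttpOnly: keep the session id out of reach of document.cookie` would record why the argument is there. Both hunks recur unchanged in PATCH 2/2, and both calls begin outside their hunks.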
@@ -872,4 +872,4 @@ class CI_Security {
 }
 /* End of file Security.php */
-/* Location: ./system/core/Security.php */
\ No newline at end of file
+/* Location: ./system/core/Security.php */
diff --git a/src/system/libraries/Session.php b/src/system/libraries/Session.php
index 2bf879e6..d87324a4 100644
--- a/src/system/libraries/Session.php
+++ b/src/system/libraries/Session.php
@@ -429,7 +429,8 @@ class CI_Session {
 ($this->now - 31500000),
 $this->cookie_path,
 $this->cookie_domain,
- 0
+ 0,
+ true
 );
 // Kill session data
@@ -685,7 +686,8 @@ class CI_Session {
 $expire,
 $this->cookie_path,
 $this->cookie_domain,
- $this->cookie_secure
+ $this->cookie_secure,
+ true
 );
 }