Fix #1885 disable SameSite=None if SSL session is not used

Kijin Sung 2022-03-22 00:24:54 +09:00
parent 46136660a8
commit 4a2b494508
2 changed files with 9 additions and 2 deletions


@ -758,9 +758,16 @@ class adminAdminController extends admin
throw new Rhymix\Framework\Exception('msg_current_ip_will_be_denied');
}
$site_module_info = Context::get('site_module_info');
$vars->use_samesite = preg_replace('/[^a-zA-Z]/', '', $vars->use_samesite);
if ($vars->use_samesite === 'None' && ($vars->use_session_ssl !== 'Y' || $site_module_info->security !== 'always'))
{
$vars->use_samesite = '';
}
Rhymix\Framework\Config::set('admin.allow', array_values($allowed_ip));
Rhymix\Framework\Config::set('admin.deny', array_values($denied_ip));
Rhymix\Framework\Config::set('session.samesite', preg_replace('/[^a-zA-Z]/', '', $vars->use_samesite));
Rhymix\Framework\Config::set('session.samesite', $vars->use_samesite);
Rhymix\Framework\Config::set('session.use_keys', $vars->use_session_keys === 'Y');
Rhymix\Framework\Config::set('session.use_ssl', $vars->use_session_ssl === 'Y');
Rhymix\Framework\Config::set('session.use_ssl_cookies', $vars->use_cookies_ssl === 'Y');
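Review bot: The new downgrade check compares `$vars->use_samesite === 'None'` case-sensitively, while the preceding `preg_replace` only strips non-letters, so a submitted `none` or `NONE` would skip the check and be stored in `session.samesite` unchanged even when SSL sessions are off. Browsers match the SameSite value case-insensitively, so this would presumably recreate the condition the commit is fixing (SameSite=None on a cookie that is not Secure), depending on how the stored value is emitted later. Consider normalising against an allow-list before the check, e.g. `if (!in_array($vars->use_samesite, ['Strict', 'Lax', 'None'], true)) { $vars->use_samesite = ''; }`, assuming those are the only values the admin form offers. The downgrade to an empty string is also silent, so a message to the administrator would make the saved setting less surprising. The enclosing method starts and ends outside the hunk.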