fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 02:31:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Improve cookie secure setting values

Browse source 
HTTPS 를 사용하는 상황에 대한 판단을 할 수 있는 상황에서 쿠키의 secure flag 를 달아준다.
This commit is contained in:
Min-Soo Kim 2018-04-22 23:58:13 +09:00
parent 3c1e5bd64f
commit 73da2af393
6 changed files with 12 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
classes/context/Context.class.php
View file

@ -300,7 +300,7 @@ class Context
{ {
if($_COOKIE['lang_type'] !== $lang_type) if($_COOKIE['lang_type'] !== $lang_type)
{ {
setcookie('lang_type', $lang_type, $_SERVER['REQUEST_TIME'] + 3600 * 24 * 1000, '/'); setcookie('lang_type', $lang_type, time() + 86400, '/', null, RX_SSL, true);
} }
} }
elseif($_COOKIE['lang_type']) elseif($_COOKIE['lang_type'])
@ -316,7 +316,7 @@ class Context
if(!strncasecmp($lang_code, $_SERVER['HTTP_ACCEPT_LANGUAGE'], strlen($lang_code))) if(!strncasecmp($lang_code, $_SERVER['HTTP_ACCEPT_LANGUAGE'], strlen($lang_code)))
{ {
$lang_type = $lang_code; $lang_type = $lang_code;
setcookie('lang_type', $lang_type, $_SERVER['REQUEST_TIME'] + 3600 * 24 * 1000, '/'); setcookie('lang_type', $lang_type, time() + 86400, '/', null, RX_SSL, true);
} }
} }
} }

2
classes/mobile/Mobile.class.php
View file

@ -73,7 +73,7 @@ class Mobile
$uatype = $uahash . ':' . (self::$_ismobile ? '1' : '0'); $uatype = $uahash . ':' . (self::$_ismobile ? '1' : '0');
if ($cookie !== $uatype) if ($cookie !== $uatype)
{ {
setcookie('rx_uatype', $uatype, 0); setcookie('rx_uatype', $uatype, 0, null, null, RX_SSL, true);
$_COOKIE['rx_uatype'] = $uatype; $_COOKIE['rx_uatype'] = $uatype;
} }

4
common/framework/session.php
View file

@ -294,8 +294,10 @@ class Session
// Step 1: if the current site is not the default site, send SSO validation request to the default site. // Step 1: if the current site is not the default site, send SSO validation request to the default site.
if(!$is_default_domain && !\Context::get('sso_response') && $_COOKIE['sso'] !== md5($current_domain)) if(!$is_default_domain && !\Context::get('sso_response') && $_COOKIE['sso'] !== md5($current_domain))
{ {
$ssl_only = (\RX_SSL && config('session.use_ssl')) ? true : false;
// Set sso cookie to prevent multiple simultaneous SSO validation requests. // Set sso cookie to prevent multiple simultaneous SSO validation requests.
setcookie('sso', md5($current_domain), 0, '/'); setcookie('sso', md5($current_domain), 0, '/', null, null, $ssl_only, true);
// Redirect to the default site. // Redirect to the default site.
$sso_request = Security::encrypt($current_url); $sso_request = Security::encrypt($current_url);

3
common/js/common.js
View file

@ -1055,7 +1055,8 @@ function getOuterHTML(obj) {
function setCookie(name, value, expire, path) { function setCookie(name, value, expire, path) {
var s_cookie = name + "=" + escape(value) + var s_cookie = name + "=" + escape(value) +
((!expire) ? "" : ("; expires=" + expire.toGMTString())) + ((!expire) ? "" : ("; expires=" + expire.toGMTString())) +
"; path=" + ((!path) ? "/" : path); "; path=" + ((!path) ? "/" : path) +
((enforce_ssl) ? ";secure" : "");
document.cookie = s_cookie; document.cookie = s_cookie;
} }

4
modules/member/member.view.php
View file

@ -191,8 +191,10 @@ class memberView extends member
*/ */
function dispMemberSignUpForm() function dispMemberSignUpForm()
{ {
$ssl_only = (\RX_SSL && config('session.use_ssl')) ? true : false;
//setcookie for redirect url in case of going to member sign up //setcookie for redirect url in case of going to member sign up
setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER']); setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER'], 0, null, null, $ssl_only, true);
$member_config = $this->member_config; $member_config = $this->member_config;

2
widgets/login_info/skins/ncenter_login/js/ncenter.js
View file

@ -8,7 +8,7 @@
dt.setTime(dt.getTime() + (d * 24 * 60 * 60000)); dt.setTime(dt.getTime() + (d * 24 * 60 * 60000));
e = "; expires=" + dt.toGMTString(); e = "; expires=" + dt.toGMTString();
} }
document.cookie = n + "=" + v + e + "; path=/"; document.cookie = n + "=" + v + e + "; path=/" + ((enforce_ssl) ? ";secure" : "");
} }
var n = $('#nc_container'); var n = $('#nc_container');