mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-03 16:51:40 +09:00
Change Context::isAlwaysSSL() to config('session.use_ssl_cookies')
- Main session cookie is httpOnly if use_ssl is true - SSO cookie is always httpOnly
This commit is contained in:
Kijin Sung
parent
2c9bb88a14
commit
a49f2f5f06
8 changed files with 18 additions and 35 deletions
|
|
@ -300,7 +300,7 @@ class Context
|
|||
{
|
||||
if($_COOKIE['lang_type'] !== $lang_type)
|
||||
{
|
||||
setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, self::isAlwaysSSL());
|
||||
setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, !!config('session.use_ssl_cookies'));
|
||||
}
|
||||
}
|
||||
elseif($_COOKIE['lang_type'])
|
||||
|
|
@ -316,7 +316,7 @@ class Context
|
|||
if(!strncasecmp($lang_code, $_SERVER['HTTP_ACCEPT_LANGUAGE'], strlen($lang_code)))
|
||||
{
|
||||
$lang_type = $lang_code;
|
||||
setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, self::isAlwaysSSL());
|
||||
setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, !!config('session.use_ssl_cookies'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -617,23 +617,6 @@ class Context
|
|||
return self::get('_use_ssl');
|
||||
}
|
||||
|
||||
/**
|
||||
* Return ssl status
|
||||
*
|
||||
* @param boolen $purge_cache Set true to get uncached SSL_enforce value.
|
||||
* @return boolean (true|false)
|
||||
*/
|
||||
public static function isAlwaysSSL($purge_cache = false)
|
||||
{
|
||||
static $ssl_only = null;
|
||||
if(is_null($ssl_only) || $purge_cache === true)
|
||||
{
|
||||
$ssl_only = (self::get('site_module_info')->security === 'always' ? true : false);
|
||||
}
|
||||
return $ssl_only;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Return default URL
|
||||
*
|
||||
|
|
@ -1714,13 +1697,12 @@ class Context
|
|||
}
|
||||
|
||||
// If using SSL always
|
||||
$_use_ssl = self::get('_use_ssl');
|
||||
if($_use_ssl == 'always')
|
||||
if($site_module_info->security == 'always')
|
||||
{
|
||||
$query = self::getRequestUri(ENFORCE_SSL, $domain) . $query;
|
||||
}
|
||||
// optional SSL use
|
||||
elseif($_use_ssl == 'optional')
|
||||
elseif($site_module_info->security == 'optional')
|
||||
{
|
||||
$ssl_mode = ((self::get('module') === 'admin') || ($get_vars['module'] === 'admin') || (isset($get_vars['act']) && self::isExistsSSLAction($get_vars['act']))) ? ENFORCE_SSL : RELEASE_SSL;
|
||||
$query = self::getRequestUri($ssl_mode, $domain) . $query;
|
||||
|
|
@ -1786,7 +1768,8 @@ class Context
|
|||
return;
|
||||
}
|
||||
|
||||
if(self::isAlwaysSSL())
|
||||
$site_module_info = self::get('site_module_info');
|
||||
if ($site_module_info->security === 'always')
|
||||
{
|
||||
$ssl_mode = ENFORCE_SSL;
|
||||
}
|
||||
|
|
@ -1801,7 +1784,6 @@ class Context
|
|||
break;
|
||||
}
|
||||
|
||||
$site_module_info = self::get('site_module_info');
|
||||
if ($domain !== null && $domain !== false && $domain !== $site_module_info->domain)
|
||||
{
|
||||
if (!isset($domain_infos[$domain]))
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ class Mobile
|
|||
$uatype = $uahash . ':' . (self::$_ismobile ? '1' : '0');
|
||||
if ($cookie !== $uatype)
|
||||
{
|
||||
setcookie('rx_uatype', $uatype, 0, null, null, Context::isAlwaysSSL());
|
||||
setcookie('rx_uatype', $uatype, 0, null, null, !!config('session.use_ssl_cookies'));
|
||||
$_COOKIE['rx_uatype'] = $uatype;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ class Session
|
|||
ini_set('session.use_cookies', 1);
|
||||
ini_set('session.use_only_cookies', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
session_set_cookie_params($lifetime, $path, null, $ssl_only, true);
|
||||
session_set_cookie_params($lifetime, $path, null, $ssl_only, $ssl_only);
|
||||
session_name($session_name = Config::get('session.name') ?: session_name());
|
||||
|
||||
// Get session ID from POST parameter if using relaxed key checks.
|
||||
|
|
@ -295,7 +295,7 @@ class Session
|
|||
if(!$is_default_domain && !\Context::get('sso_response') && $_COOKIE['sso'] !== md5($current_domain))
|
||||
{
|
||||
// Set sso cookie to prevent multiple simultaneous SSO validation requests.
|
||||
setcookie('sso', md5($current_domain), 0, '/', null, \Context::isAlwaysSSL(), true);
|
||||
setcookie('sso', md5($current_domain), 0, '/', null, !!config('session.use_ssl'), true);
|
||||
|
||||
// Redirect to the default site.
|
||||
$sso_request = Security::encrypt($current_url);
|
||||
|
|
|
|||
|
|
@ -1056,7 +1056,7 @@ function setCookie(name, value, expire, path) {
|
|||
var s_cookie = name + "=" + escape(value) +
|
||||
((!expire) ? "" : ("; expires=" + expire.toGMTString())) +
|
||||
"; path=" + ((!path) ? "/" : path) +
|
||||
((enforce_ssl) ? ";secure" : "");
|
||||
((cookies_ssl) ? ";secure" : "");
|
||||
|
||||
document.cookie = s_cookie;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -55,7 +55,8 @@
|
|||
var current_mid = {json_encode($mid ?: null)};
|
||||
var http_port = {Context::get("_http_port") ?: 'null'};
|
||||
var https_port = {Context::get("_https_port") ?: 'null'};
|
||||
var enforce_ssl = {Context::get('_use_ssl') === 'always' ? 'true' : 'false'};
|
||||
var enforce_ssl = {$site_module_info->security === 'always' ? 'true' : 'false'};
|
||||
var cookies_ssl = {config('session.use_ssl_cookies') ? 'true' : 'false'};
|
||||
var ssl_actions = {json_encode(array_keys(Context::getSSLActions()))};
|
||||
var xeVid = null;
|
||||
</script>
|
||||
|
|
|
|||
|
|
@ -51,8 +51,8 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label">{$lang->use_session_ssl}</label>
|
||||
<div class="x_controls">
|
||||
<label for="use_session_ssl_y" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_y" value="Y" checked="checked"|cond="$use_session_ssl && $use_ssl === 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_yes}</label>
|
||||
<label for="use_session_ssl_n" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_n" value="N" checked="checked"|cond="!$use_session_ssl || $use_ssl !== 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_no}</label>
|
||||
<label for="use_session_ssl_y" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_y" value="Y" checked="checked"|cond="$use_session_ssl && $site_module_info->security === 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_yes}</label>
|
||||
<label for="use_session_ssl_n" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_n" value="N" checked="checked"|cond="!$use_session_ssl || $site_module_info->security !== 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_no}</label>
|
||||
<br />
|
||||
<p class="x_help-block">{$lang->about_use_session_ssl}</p>
|
||||
</div>
|
||||
|
|
@ -60,8 +60,8 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label">{$lang->use_cookies_ssl}</label>
|
||||
<div class="x_controls">
|
||||
<label for="use_cookies_ssl_y" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_y" value="Y" checked="checked"|cond="$use_cookies_ssl && $use_ssl === 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_yes}</label>
|
||||
<label for="use_cookies_ssl_n" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_n" value="N" checked="checked"|cond="!$use_cookies_ssl || $use_ssl !== 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_no}</label>
|
||||
<label for="use_cookies_ssl_y" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_y" value="Y" checked="checked"|cond="$use_cookies_ssl && $site_module_info->security === 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_yes}</label>
|
||||
<label for="use_cookies_ssl_n" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_n" value="N" checked="checked"|cond="!$use_cookies_ssl || $site_module_info->security !== 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_no}</label>
|
||||
<br />
|
||||
<p class="x_help-block">{$lang->about_use_cookies_ssl}</p>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -192,7 +192,7 @@ class memberView extends member
|
|||
function dispMemberSignUpForm()
|
||||
{
|
||||
//setcookie for redirect url in case of going to member sign up
|
||||
setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER'], 0, '/', null, Context::isAlwaysSSL());
|
||||
setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER'], 0, '/', null, !!config('session.use_ssl_cookies'));
|
||||
|
||||
$member_config = $this->member_config;
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
dt.setTime(dt.getTime() + (d * 24 * 60 * 60000));
|
||||
e = "; expires=" + dt.toGMTString();
|
||||
}
|
||||
document.cookie = n + "=" + v + e + "; path=/" + ((enforce_ssl) ? ";secure" : "");
|
||||
document.cookie = n + "=" + v + e + "; path=/" + ((cookies_ssl) ? ";secure" : "");
|
||||
}
|
||||
|
||||
var n = $('#nc_container');
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue