mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-05 17:51:40 +09:00
Change Context::isAlwaysSSL() to config('session.use_ssl_cookies')
- Main session cookie is httpOnly if use_ssl is true - SSO cookie is always httpOnly
This commit is contained in:
Kijin Sung
parent
2c9bb88a14
commit
a49f2f5f06
8 changed files with 18 additions and 35 deletions
|
|
@ -300,7 +300,7 @@ class Context
|
||||||
{
|
{
|
||||||
if($_COOKIE['lang_type'] !== $lang_type)
|
if($_COOKIE['lang_type'] !== $lang_type)
|
||||||
{
|
{
|
||||||
setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, self::isAlwaysSSL());
|
setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, !!config('session.use_ssl_cookies'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
elseif($_COOKIE['lang_type'])
|
elseif($_COOKIE['lang_type'])
|
||||||
|
|
@ -316,7 +316,7 @@ class Context
|
||||||
if(!strncasecmp($lang_code, $_SERVER['HTTP_ACCEPT_LANGUAGE'], strlen($lang_code)))
|
if(!strncasecmp($lang_code, $_SERVER['HTTP_ACCEPT_LANGUAGE'], strlen($lang_code)))
|
||||||
{
|
{
|
||||||
$lang_type = $lang_code;
|
$lang_type = $lang_code;
|
||||||
setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, self::isAlwaysSSL());
|
setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, !!config('session.use_ssl_cookies'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -617,23 +617,6 @@ class Context
|
||||||
return self::get('_use_ssl');
|
return self::get('_use_ssl');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Return ssl status
|
|
||||||
*
|
|
||||||
* @param boolen $purge_cache Set true to get uncached SSL_enforce value.
|
|
||||||
* @return boolean (true|false)
|
|
||||||
*/
|
|
||||||
public static function isAlwaysSSL($purge_cache = false)
|
|
||||||
{
|
|
||||||
static $ssl_only = null;
|
|
||||||
if(is_null($ssl_only) || $purge_cache === true)
|
|
||||||
{
|
|
||||||
$ssl_only = (self::get('site_module_info')->security === 'always' ? true : false);
|
|
||||||
}
|
|
||||||
return $ssl_only;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return default URL
|
* Return default URL
|
||||||
*
|
*
|
||||||
|
|
@ -1714,13 +1697,12 @@ class Context
|
||||||
}
|
}
|
||||||
|
|
||||||
// If using SSL always
|
// If using SSL always
|
||||||
$_use_ssl = self::get('_use_ssl');
|
if($site_module_info->security == 'always')
|
||||||
if($_use_ssl == 'always')
|
|
||||||
{
|
{
|
||||||
$query = self::getRequestUri(ENFORCE_SSL, $domain) . $query;
|
$query = self::getRequestUri(ENFORCE_SSL, $domain) . $query;
|
||||||
}
|
}
|
||||||
// optional SSL use
|
// optional SSL use
|
||||||
elseif($_use_ssl == 'optional')
|
elseif($site_module_info->security == 'optional')
|
||||||
{
|
{
|
||||||
$ssl_mode = ((self::get('module') === 'admin') || ($get_vars['module'] === 'admin') || (isset($get_vars['act']) && self::isExistsSSLAction($get_vars['act']))) ? ENFORCE_SSL : RELEASE_SSL;
|
$ssl_mode = ((self::get('module') === 'admin') || ($get_vars['module'] === 'admin') || (isset($get_vars['act']) && self::isExistsSSLAction($get_vars['act']))) ? ENFORCE_SSL : RELEASE_SSL;
|
||||||
$query = self::getRequestUri($ssl_mode, $domain) . $query;
|
$query = self::getRequestUri($ssl_mode, $domain) . $query;
|
||||||
|
|
@ -1786,7 +1768,8 @@ class Context
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(self::isAlwaysSSL())
|
$site_module_info = self::get('site_module_info');
|
||||||
|
if ($site_module_info->security === 'always')
|
||||||
{
|
{
|
||||||
$ssl_mode = ENFORCE_SSL;
|
$ssl_mode = ENFORCE_SSL;
|
||||||
}
|
}
|
||||||
|
|
@ -1801,7 +1784,6 @@ class Context
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$site_module_info = self::get('site_module_info');
|
|
||||||
if ($domain !== null && $domain !== false && $domain !== $site_module_info->domain)
|
if ($domain !== null && $domain !== false && $domain !== $site_module_info->domain)
|
||||||
{
|
{
|
||||||
if (!isset($domain_infos[$domain]))
|
if (!isset($domain_infos[$domain]))
|
||||||
|
|
|
||||||
|
|
@ -73,7 +73,7 @@ class Mobile
|
||||||
$uatype = $uahash . ':' . (self::$_ismobile ? '1' : '0');
|
$uatype = $uahash . ':' . (self::$_ismobile ? '1' : '0');
|
||||||
if ($cookie !== $uatype)
|
if ($cookie !== $uatype)
|
||||||
{
|
{
|
||||||
setcookie('rx_uatype', $uatype, 0, null, null, Context::isAlwaysSSL());
|
setcookie('rx_uatype', $uatype, 0, null, null, !!config('session.use_ssl_cookies'));
|
||||||
$_COOKIE['rx_uatype'] = $uatype;
|
$_COOKIE['rx_uatype'] = $uatype;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,7 @@ class Session
|
||||||
ini_set('session.use_cookies', 1);
|
ini_set('session.use_cookies', 1);
|
||||||
ini_set('session.use_only_cookies', 1);
|
ini_set('session.use_only_cookies', 1);
|
||||||
ini_set('session.use_strict_mode', 1);
|
ini_set('session.use_strict_mode', 1);
|
||||||
session_set_cookie_params($lifetime, $path, null, $ssl_only, true);
|
session_set_cookie_params($lifetime, $path, null, $ssl_only, $ssl_only);
|
||||||
session_name($session_name = Config::get('session.name') ?: session_name());
|
session_name($session_name = Config::get('session.name') ?: session_name());
|
||||||
|
|
||||||
// Get session ID from POST parameter if using relaxed key checks.
|
// Get session ID from POST parameter if using relaxed key checks.
|
||||||
|
|
@ -295,7 +295,7 @@ class Session
|
||||||
if(!$is_default_domain && !\Context::get('sso_response') && $_COOKIE['sso'] !== md5($current_domain))
|
if(!$is_default_domain && !\Context::get('sso_response') && $_COOKIE['sso'] !== md5($current_domain))
|
||||||
{
|
{
|
||||||
// Set sso cookie to prevent multiple simultaneous SSO validation requests.
|
// Set sso cookie to prevent multiple simultaneous SSO validation requests.
|
||||||
setcookie('sso', md5($current_domain), 0, '/', null, \Context::isAlwaysSSL(), true);
|
setcookie('sso', md5($current_domain), 0, '/', null, !!config('session.use_ssl'), true);
|
||||||
|
|
||||||
// Redirect to the default site.
|
// Redirect to the default site.
|
||||||
$sso_request = Security::encrypt($current_url);
|
$sso_request = Security::encrypt($current_url);
|
||||||
|
|
|
||||||
|
|
@ -1056,7 +1056,7 @@ function setCookie(name, value, expire, path) {
|
||||||
var s_cookie = name + "=" + escape(value) +
|
var s_cookie = name + "=" + escape(value) +
|
||||||
((!expire) ? "" : ("; expires=" + expire.toGMTString())) +
|
((!expire) ? "" : ("; expires=" + expire.toGMTString())) +
|
||||||
"; path=" + ((!path) ? "/" : path) +
|
"; path=" + ((!path) ? "/" : path) +
|
||||||
((enforce_ssl) ? ";secure" : "");
|
((cookies_ssl) ? ";secure" : "");
|
||||||
|
|
||||||
document.cookie = s_cookie;
|
document.cookie = s_cookie;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -55,7 +55,8 @@
|
||||||
var current_mid = {json_encode($mid ?: null)};
|
var current_mid = {json_encode($mid ?: null)};
|
||||||
var http_port = {Context::get("_http_port") ?: 'null'};
|
var http_port = {Context::get("_http_port") ?: 'null'};
|
||||||
var https_port = {Context::get("_https_port") ?: 'null'};
|
var https_port = {Context::get("_https_port") ?: 'null'};
|
||||||
var enforce_ssl = {Context::get('_use_ssl') === 'always' ? 'true' : 'false'};
|
var enforce_ssl = {$site_module_info->security === 'always' ? 'true' : 'false'};
|
||||||
|
var cookies_ssl = {config('session.use_ssl_cookies') ? 'true' : 'false'};
|
||||||
var ssl_actions = {json_encode(array_keys(Context::getSSLActions()))};
|
var ssl_actions = {json_encode(array_keys(Context::getSSLActions()))};
|
||||||
var xeVid = null;
|
var xeVid = null;
|
||||||
</script>
|
</script>
|
||||||
|
|
|
||||||
|
|
@ -51,8 +51,8 @@
|
||||||
<div class="x_control-group">
|
<div class="x_control-group">
|
||||||
<label class="x_control-label">{$lang->use_session_ssl}</label>
|
<label class="x_control-label">{$lang->use_session_ssl}</label>
|
||||||
<div class="x_controls">
|
<div class="x_controls">
|
||||||
<label for="use_session_ssl_y" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_y" value="Y" checked="checked"|cond="$use_session_ssl && $use_ssl === 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_yes}</label>
|
<label for="use_session_ssl_y" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_y" value="Y" checked="checked"|cond="$use_session_ssl && $site_module_info->security === 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_yes}</label>
|
||||||
<label for="use_session_ssl_n" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_n" value="N" checked="checked"|cond="!$use_session_ssl || $use_ssl !== 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_no}</label>
|
<label for="use_session_ssl_n" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_n" value="N" checked="checked"|cond="!$use_session_ssl || $site_module_info->security !== 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_no}</label>
|
||||||
<br />
|
<br />
|
||||||
<p class="x_help-block">{$lang->about_use_session_ssl}</p>
|
<p class="x_help-block">{$lang->about_use_session_ssl}</p>
|
||||||
</div>
|
</div>
|
||||||
|
|
@ -60,8 +60,8 @@
|
||||||
<div class="x_control-group">
|
<div class="x_control-group">
|
||||||
<label class="x_control-label">{$lang->use_cookies_ssl}</label>
|
<label class="x_control-label">{$lang->use_cookies_ssl}</label>
|
||||||
<div class="x_controls">
|
<div class="x_controls">
|
||||||
<label for="use_cookies_ssl_y" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_y" value="Y" checked="checked"|cond="$use_cookies_ssl && $use_ssl === 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_yes}</label>
|
<label for="use_cookies_ssl_y" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_y" value="Y" checked="checked"|cond="$use_cookies_ssl && $site_module_info->security === 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_yes}</label>
|
||||||
<label for="use_cookies_ssl_n" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_n" value="N" checked="checked"|cond="!$use_cookies_ssl || $use_ssl !== 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_no}</label>
|
<label for="use_cookies_ssl_n" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_n" value="N" checked="checked"|cond="!$use_cookies_ssl || $site_module_info->security !== 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_no}</label>
|
||||||
<br />
|
<br />
|
||||||
<p class="x_help-block">{$lang->about_use_cookies_ssl}</p>
|
<p class="x_help-block">{$lang->about_use_cookies_ssl}</p>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
|
|
@ -192,7 +192,7 @@ class memberView extends member
|
||||||
function dispMemberSignUpForm()
|
function dispMemberSignUpForm()
|
||||||
{
|
{
|
||||||
//setcookie for redirect url in case of going to member sign up
|
//setcookie for redirect url in case of going to member sign up
|
||||||
setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER'], 0, '/', null, Context::isAlwaysSSL());
|
setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER'], 0, '/', null, !!config('session.use_ssl_cookies'));
|
||||||
|
|
||||||
$member_config = $this->member_config;
|
$member_config = $this->member_config;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
dt.setTime(dt.getTime() + (d * 24 * 60 * 60000));
|
dt.setTime(dt.getTime() + (d * 24 * 60 * 60000));
|
||||||
e = "; expires=" + dt.toGMTString();
|
e = "; expires=" + dt.toGMTString();
|
||||||
}
|
}
|
||||||
document.cookie = n + "=" + v + e + "; path=/" + ((enforce_ssl) ? ";secure" : "");
|
document.cookie = n + "=" + v + e + "; path=/" + ((cookies_ssl) ? ";secure" : "");
|
||||||
}
|
}
|
||||||
|
|
||||||
var n = $('#nc_container');
|
var n = $('#nc_container');
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue