From d9e795d331bb69e57a7d4e22c3e1b2b5a700ef21 Mon Sep 17 00:00:00 2001
From: samerton
Date: Mon, 25 Oct 2021 11:14:00 +0100
Subject: [PATCH] Allow setting cookies as secure + httpOnly

---
 core/classes/Cookie.php | 7 +++++--
 core/classes/User.php | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/core/classes/Cookie.php b/core/classes/Cookie.php
index 32afba8915..696852cabc 100644
--- a/core/classes/Cookie.php
+++ b/core/classes/Cookie.php
@@ -36,9 +36,12 @@ public static function get(string $name) {
 * @param string $name Name of cookie to create.
 * @param string $value Value to store in cookie.
 * @param int $expiry When does the cookie expire?
+ * @param ?bool $secure Create as secure cookie?
+ * @param ?bool $httpOnly Create as httpOnly cookie?
+ * @return bool Whether cookie was set or not
 */
- public static function put(string $name, string $value, int $expiry): bool {
- return setcookie($name, $value, time() + $expiry, '/');
+ public static function put(string $name, string $value, int $expiry, ?bool $secure = false, ?bool $httpOnly = false): bool {
+ return setcookie($name, $value, time() + $expiry, '/', null, $secure, $httpOnly);
 }
 
 /**
diff --git a/core/classes/User.php b/core/classes/User.php
index 0d3cb061fb..402ef13ac3 100644
--- a/core/classes/User.php
+++ b/core/classes/User.php
@@ -225,7 +225,7 @@ private function _commonLogin(?string $username, ?string $password, bool $rememb
 
 $expiry = $is_admin ? 3600 : Config::get('remember/cookie_expiry');
 $cookieName = $is_admin ? ($this->_cookieName . '_adm') : $this->_cookieName;
- Cookie::put($cookieName, $hash, $expiry);
+ Cookie::put($cookieName, $hash, $expiry, Util::isConnectionSSL(), true);
 }
 
 return true;
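Review bot: In `Cookie::put` (core/classes/Cookie.php) both new flags default to `false`, so any caller this commit does not update keeps emitting cookies without Secure or HttpOnly; only the one call in User.php opts in. If no caller needs script access to its cookie, defaulting `$httpOnly` to `true` would make the protected behaviour the default rather than something each call site must remember. The parameters are also typed `?bool` and the domain is passed as `null`, while `setcookie()` declares a `string` domain and `bool` flags, and PHP 8.1 deprecates passing null to such built-in parameters. Assuming no caller passes null deliberately, plain `bool` and an empty domain avoid that: `public static function put(string $name, string $value, int $expiry, bool $secure = false, bool $httpOnly = true): bool {` with `return setcookie($name, $value, time() + $expiry, '/', '', $secure, $httpOnly);`.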
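Review bot: The Secure flag on the remember-me cookie in `_commonLogin` (core/classes/User.php) now depends entirely on `Util::isConnectionSSL()`, which is not shown in this diff. If that helper only inspects the local connection, a deployment behind a TLS-terminating proxy would presumably still issue this login token without Secure. It is worth confirming how the helper decides and recording it at the call, for example `// Secure only when the request is detected as HTTPS; see Util::isConnectionSSL() for proxy handling`. The cookie also carries no SameSite attribute, which the positional `setcookie()` form used by `Cookie::put` cannot express. `_commonLogin` starts and ends outside this hunk.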