set httponly to true when calling setcookie. the ini_set option above…

… doesn't actually seem to do anything... (but not removing it just in case Signed-off-by: Adam Warner <me@adamwarner.co.uk>
pi-hole · Sep 11, 2021 · cf8602e · cf8602e
1 parent cce6889
commit cf8602e
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/scripts/pi-hole/php/password.php b/scripts/pi-hole/php/password.php
@@ -50,7 +50,8 @@
             {
                 $auth = true;
                 // Refresh cookie with new expiry
-                setcookie('persistentlogin', $pwhash, time()+60*60*24*7);
+                // setcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )
+                setcookie('persistentlogin', $pwhash, time()+60*60*24*7, null, null, null, true );
             }
             else
             {
@@ -79,7 +80,8 @@
                     // Set persistent cookie if selected
                     if (isset($_POST['persistentlogin']))
                     {
-                        setcookie('persistentlogin', $pwhash, time()+60*60*24*7);
+                        // setcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )
+                        setcookie('persistentlogin', $pwhash, time()+60*60*24*7, null, null, null, true );
                     }
                     header('Location: index.php');
                     exit();