Changeset 2316

Timestamp:

07/20/2009 07:09:30 AM (17 years ago)

Author:

sambauers

Message:

branches 0.9: Use httponly cookies. Props _ck_

File:

• branches/0.9/bb-includes/pluggable.php (modified) (1 diff)

branches/0.9/bb-includes/pluggable.php

@@ -190 +190 @@
     do_action('set_auth_cookie', $cookie, $expire);
     
-    setcookie($bb->authcookie, $cookie, $expire, $bb->cookiepath, $bb->cookiedomain);
-    if ( $bb->cookiepath != $bb->sitecookiepath )
-        setcookie($bb->authcookie, $cookie, $expire, $bb->sitecookiepath, $bb->cookiedomain);
+    // Set httponly if the php version is >= 5.2.0
+    if ( version_compare( phpversion(), '5.2.0', 'ge' ) ) {
+        setcookie( $bb->authcookie, $cookie, $expire, $bb->cookiepath, $bb->cookiedomain, $secure, true );
+        if ( $bb->cookiepath != $bb->sitecookiepath ) {
+            setcookie( $bb->authcookie, $cookie, $expire, $bb->sitecookiepath, $bb->cookiedomain, $secure, true );
+        }
+    } else {
+        $_domain = ( empty( $bb->cookiedomain ) ) ? $bb->cookiedomain : $bb->cookiedomain . '; HttpOnly';
+        setcookie( $bb->authcookie, $cookie, $expire, $bb->cookiepath, $_domain, $secure );
+        if ( $bb->cookiepath != $bb->sitecookiepath ) {
+            setcookie( $bb->authcookie, $cookie, $expire, $bb->sitecookiepath, $_domain, $secure );
+        }
+    }
 }
 endif;