Code comment

Laurent Destailleur 2017-09-24 19:50:32 +02:00
parent c65f794f87
commit 49e9326a6d
2 changed files with 6 additions and 4 deletions


@ -184,7 +184,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
// Set cookie for timeout management
$prefix=dol_getprefix();
$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', 0);
if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, false, true);
if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha');
else unset($_SESSION["urlfrom"]);
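Review bot: The new `setcookie()` call for the `DOLSESSTIMEOUT_` cookie turns on HttpOnly but still passes a hard-coded `false` for the secure argument, so on an HTTPS deployment the cookie can still travel over plain HTTP. The same hard-coded `false` appears in the `setcookie()` and `session_set_cookie_params()` calls changed in the second file. I would derive the flag from the request scheme, e.g. `$secure = (! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');`, and pass `$secure` in place of `false`; behind a TLS-terminating proxy a configuration setting is needed instead. The commit title says "Code comment" although this line changes cookie attributes, which the description should state. `dol_loginfunction` starts and ends outside the hunk.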


@ -179,7 +179,9 @@ if (! empty($_SERVER['DOCUMENT_ROOT']) && substr($_SERVER['DOCUMENT_ROOT'], -6)
// Include the conf.php and functions.lib.php
require_once 'filefunc.inc.php';
// If there is a POST parameter to tell to save automatically some POST parameters into cookies, we do it
// If there is a POST parameter to tell to save automatically some POST parameters into cookies, we do it.
// This is used for example by form of boxes to save personalization of some options.
// DOL_AUTOSET_COOKIE=cookiename:val1,val2 and cookiename_val1=aaa cookiename_val2=bbb will set cookie_name with value json_encode(array('val1'=> , ))
if (! empty($_POST["DOL_AUTOSET_COOKIE"]))
{
$tmpautoset=explode(':',$_POST["DOL_AUTOSET_COOKIE"],2);
@ -194,7 +196,7 @@ if (! empty($_POST["DOL_AUTOSET_COOKIE"]))
$cookiename=$tmpautoset[0];
$cookievalue=json_encode($cookiearrayvalue);
//var_dump('setcookie cookiename='.$cookiename.' cookievalue='.$cookievalue);
setcookie($cookiename, empty($cookievalue)?'':$cookievalue, empty($cookievalue)?0:(time()+(86400*354)), '/'); // keep cookie 1 year
setcookie($cookiename, empty($cookievalue)?'':$cookievalue, empty($cookievalue)?0:(time()+(86400*354)), '/', null, false, true); // keep cookie 1 year and add tag httponly
if (empty($cookievalue)) unset($_COOKIE[$cookiename]);
}
@ -204,7 +206,7 @@ $sessionname='DOLSESSID_'.$prefix;
$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);
session_name($sessionname);
session_set_cookie_params(0, '/', null, false, true); // Add tag httponly on session cookie
session_set_cookie_params(0, '/', null, false, true); // Add tag httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.
// This create lock released until session_write_close() or end of page.
// We need this lock as long as we read/write $_SESSION ['vars']. We can close released when finished.
if (! defined('NOSESSION'))
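Review bot: The cookie name passed to the changed `setcookie($cookiename, ...)` call is taken from `$_POST["DOL_AUTOSET_COOKIE"]`, and no validation of it is visible here. The lines between the first and second hunk of this file are not shown, so confirm there. The same script names its own cookies `DOLSESSID_` and `DOLSESSTIMEOUT_` plus a prefix, and a request parameter should not be able to choose those names; HttpOnly does nothing about that. I would guard the call with something like `if (preg_match('/^[A-Za-z0-9_]+$/', $cookiename) && stripos($cookiename, 'DOLSESS') !== 0)`, or better, compare against a fixed list of personalization cookie names. Separately, the trailing comment says "1 year" but `86400*354` is 354 days.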