fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PM-2039 "Las cookies de sesion no se ha definido con el flag..." SOLVED

Browse Source 
Issue:
    Las cookies de sesion no se ha definido con el flag HttpOnly esta debe definirse para mitigar ataques de tipo
    cross-site scripting.
Cause:
    No se a definido el parametro "httponly" al momento de usar la funcion "setcookie"
Solution:
    Se define el parametro "httponly" al momento de usar la funcion "setcookie"
This commit is contained in:
Victor Saisa Lopez
2015-04-13 11:59:47 -04:00
parent cffa3f095d
commit 2545468c19
7 changed files with 29 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
workflow/engine/classes/triggers/api/class.zimbraApi.php
View File

@@ -77,7 +77,11 @@ class Zimbra
public function sso($options = '')
{
if ($this->_username) {
setcookie('ZM_SKIN', 'plymouth', time() + 60 * 60 * 24 * 30, '/', '.plymouth.edu');
if (PHP_VERSION < 5.2) {
setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu");
} else {
setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", false, true);
}
$pre_auth = $this->getPreAuth($this->_username);
$url = $this->_protocol . '/service/preauth?account=' . $this->_username . '@' . $this->_server . '&expires=' . $this->_preauth_expiration . '&timestamp=' . $this->_timestamp . '&preauth=' . $pre_auth; //.'&'.$options;
@@ -828,7 +832,7 @@ class Zimbra
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
if (!$connecting && !$this->_connected) {
throw new Exception('zimbra.class: soapRequest called without a connection to Zimbra server');
}