PM-2039 "Session cookies have not been set with the flag..." SOLVED

Issue:
    Session cookies have not been set with the HttpOnly flag; it must be set to mitigate
    cross-site scripting attacks.
Cause:
    The "httponly" parameter was not set when calling the "setcookie" function.
Solution:
    The "httponly" parameter is set when calling the "setcookie" function.
This commit is contained in:
Victor Saisa Lopez
2015-04-13 11:59:47 -04:00
parent cffa3f095d
commit 2545468c19
7 changed files with 29 additions and 18 deletions


@@ -125,7 +125,11 @@ if (isset ($_SESSION['USER_LOGGED'])) {
session_start();
session_regenerate_id();
setcookie("workspaceSkin", SYS_SKIN, time() + 24*60*60, "/sys".SYS_SYS);
if (PHP_VERSION < 5.2) {
setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . SYS_SYS, "; HttpOnly");
} else {
setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . SYS_SYS, null, false, true);
}
if (strlen($msg) > 0) {
$_SESSION['G_MESSAGE'] = $msg;
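Review bot: The HttpOnly flag is added here only to the `workspaceSkin` cookie, but the session cookie named in the issue is the one created by `session_start()` at the top of this hunk, whose attributes come from `session.cookie_httponly` / `session_set_cookie_params()` and are not touched by this change; set those as well or the finding is not actually closed. Two smaller points in the new lines: `if (PHP_VERSION < 5.2)` compares a version string against a float, so use `version_compare(PHP_VERSION, '5.2.0', '<')` instead; and in the `else` branch the `secure` argument is hard-coded to `false`, so when the application is served over HTTPS pass `true` (or derive it from the request scheme) so the cookie is never sent in clear text. The pre-5.2 branch relies on smuggling `"; HttpOnly"` through the domain argument, which reads like a bug to the next maintainer and deserves a one-line comment explaining the workaround.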