PM-2039 "Las cookies de sesion no se ha definido con el flag..." SOLVED

Issue:
    Las cookies de sesión no se han definido con el flag HttpOnly; este debe definirse para mitigar ataques de tipo
    cross-site scripting.
Cause:
    No se a definido el parametro "httponly" al momento de usar la funcion "setcookie"
Solution:
    Se define el parametro "httponly" al momento de usar la funcion "setcookie"
Victor Saisa Lopez
2015-04-13 11:59:47 -04:00
parent cffa3f095d
commit 2545468c19
7 changed files with 29 additions and 18 deletions


@@ -555,7 +555,7 @@ class Light
session_start();
session_regenerate_id();
setcookie("workspaceSkin", SYS_SKIN, time() + 24*60*60, "/sys".SYS_SYS);
setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . SYS_SYS, null, false, true);
if (strlen($msg) > 0) {
$_SESSION['G_MESSAGE'] = $msg;
@@ -811,3 +811,4 @@ class Light
return $response;
}
}
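Review bot: In the first hunk, the new `setcookie` call hard-codes the sixth argument (`secure`) to `false`, so `workspaceSkin` is still sent over plain HTTP even when the workspace is served over HTTPS. Consider deriving it from the request, e.g. `$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';`, and passing `$secure` in place of `false`. This call also only covers the skin cookie. The session cookie issued by `session_start()` two lines earlier takes its HttpOnly setting from `session.cookie_httponly` or `session_set_cookie_params()`, which this hunk does not touch; that may be handled in one of the other changed files not shown here. The enclosing method starts and ends outside the hunk.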