PM-2039 "Las cookies de sesion no se ha definido con el flag..." SOLVED
Issue:
Las cookies de sesion no se ha definido con el flag HttpOnly esta debe definirse para mitigar ataques de tipo
cross-site scripting.
Cause:
No se a definido el parametro "httponly" al momento de usar la funcion "setcookie"
Solution:
Se define el parametro "httponly" al momento de usar la funcion "setcookie"
This commit is contained in:
Victor Saisa Lopez
@@ -26,8 +26,7 @@ SELECT LANG_ID, LANG_NAME FROM langOptions
|
||||
setFocus (getField ('USR_USERNAME'));
|
||||
|
||||
leimnud.event.add(document.getElementById('form[BSUBMIT]'), 'click', function() {
|
||||
ws = getField('USER_ENV').value;
|
||||
createCookie('pmos_generik2', '{"ws":"'+ws+'"}', 365);
|
||||
createCookie("pm_sys_sys", "{\"sys_sys\": \"" + getField("USER_ENV").value + "\"}", 365);
|
||||
|
||||
var client = getBrowserClient();
|
||||
if (client.browser == "msie" || client.browser == "safari"){
|
||||
@@ -36,12 +35,14 @@ leimnud.event.add(document.getElementById('form[BSUBMIT]'), 'click', function()
|
||||
}.extend(document.getElementById('form[BSUBMIT]')));
|
||||
|
||||
try{
|
||||
c = new String(readCookie('pmos_generik2'));
|
||||
o = eval("("+c+")");
|
||||
if( o != null){
|
||||
getField('USER_ENV').value = o.ws;
|
||||
var s = new String(readCookie("pm_sys_sys"));
|
||||
var obj = eval("(" + s + ")");
|
||||
|
||||
if (obj != null) {
|
||||
getField("USER_ENV").value = obj.sys_sys;
|
||||
}
|
||||
} catch(e){}
|
||||
|
||||
]]></JS>
|
||||
</dynaForm>
|
||||
|
||||
|
||||
@@ -28,8 +28,7 @@ SELECT LANG_ID, LANG_NAME FROM langOptions
|
||||
setFocus (getField ('USR_USERNAME'));
|
||||
|
||||
leimnud.event.add(document.getElementById('form[BSUBMIT]'), 'click', function() {
|
||||
ws = getField('USER_ENV').value;
|
||||
createCookie('pmos_generik2', '{"ws":"'+ws+'"}', 365);
|
||||
createCookie("pm_sys_sys", "{\"sys_sys\": \"" + getField("USER_ENV").value + "\"}", 365);
|
||||
|
||||
/*
|
||||
var client = getBrowserClient();
|
||||
@@ -45,12 +44,14 @@ leimnud.event.add(document.getElementById('form[BSUBMIT]'), 'click', function()
|
||||
}.extend(document.getElementById('form[BSUBMIT]')));
|
||||
|
||||
try{
|
||||
c = new String(readCookie('pmos_generik2'));
|
||||
o = eval("("+c+")");
|
||||
if( o != null){
|
||||
getField('USER_ENV').value = o.ws;
|
||||
var s = new String(readCookie("pm_sys_sys"));
|
||||
var obj = eval("(" + s + ")");
|
||||
|
||||
if (obj != null) {
|
||||
getField("USER_ENV").value = obj.sys_sys;
|
||||
}
|
||||
} catch(e){}
|
||||
|
||||
]]></JS>
|
||||
</dynaForm>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user