PMCORE-3466:Cookie No HttpOnly Flag - Telefonica of Guatemala Security Analysis (Issue Rep# 4)

Correction
2021-12-14 17:18:37 -04:00
parent 2acaad3a43
commit dd0894e967
2 changed files with 2 additions and 2 deletions
--- a/workflow/engine/classes/triggers/api/Zimbra.php
+++ b/workflow/engine/classes/triggers/api/Zimbra.php
@@ -90,7 +90,7 @@ class Zimbra
    {
        if ($this->_username) {
            if (PHP_VERSION < 5.2) {
-                setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu");
+                setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", "; HttpOnly");
            } else {
                setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", false, true);
            }