PMCORE-3466:Cookie No HttpOnly Flag - Telefonica of Guatemala Security Analysis (Issue Rep# 4)

Correction
Fabio Guachalla
2021-12-14 17:18:37 -04:00
committed by fabio
parent 2acaad3a43
commit dd0894e967
2 changed files with 2 additions and 2 deletions


@@ -90,7 +90,7 @@ class Zimbra
{ {
if ($this->_username) { if ($this->_username) {
if (PHP_VERSION < 5.2) { if (PHP_VERSION < 5.2) {
setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu"); setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", "; HttpOnly");
} else { } else {
setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", false, true); setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", false, true);
} }
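Review bot: In the `PHP_VERSION < 5.2` branch the new sixth argument `"; HttpOnly"` lands in setcookie()'s `$secure` parameter, so the non-empty string is coerced to true and the cookie gets the Secure attribute instead of HttpOnly. ZM_SKIN would then be withheld on plain-HTTP requests while remaining readable from script on those runtimes. The commonly used pre-5.2 workaround was to append the attribute to the domain argument, `".plymouth.edu; HttpOnly"`, with no sixth argument; alternatively, since the else branch already passes `false, true`, the version branch could be dropped if PHP older than 5.2 is no longer supported. The enclosing method starts and ends outside the hunk.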


@@ -94,7 +94,7 @@ class System
'path' => '/', 'path' => '/',
'domain' => '', 'domain' => '',
'secure' => false, 'secure' => false,
'httponly' => false, 'httponly' => true,
'samesite' => '' 'samesite' => ''
]; ];
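Review bot: The defaults in this array still leave `'secure' => false` and `'samesite' => ''` after `'httponly'` is switched to true, so a cookie built from them is still sent over plain HTTP and relies on the browser's own SameSite default. If this array is the fallback for session or authentication cookies (its consumers are outside the hunk), consider setting `'secure'` from whether the request arrived over HTTPS and defaulting to `'samesite' => 'Lax'`. It is also worth confirming that no client-side script reads a cookie created from these defaults, because the new `'httponly' => true` hides it from `document.cookie`. The array and its enclosing method begin outside the hunk.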