PMCORE-3466:Cookie No HttpOnly Flag - Telefonica of Guatemala Security Analysis (Issue Rep# 4)

Correction

workflow/engine/classes/triggers/api/Zimbra.php

@@ -90,7 +90,7 @@ class Zimbra
     {
         if ($this->_username) {
             if (PHP_VERSION < 5.2) {
-                setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu");
+                setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", "; HttpOnly");
             } else {
                 setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", false, true);
             }

workflow/engine/src/ProcessMaker/Core/System.php

@@ -94,7 +94,7 @@ class System
         'path' => '/',
         'domain' => '',
         'secure' => false,
-        'httponly' => false,
+        'httponly' => true,
         'samesite' => ''
     ];