PM-2039 "Session cookies have not been set with the flag..." SOLVED

Issue:
    Session cookies have not been set with the HttpOnly flag; it must be set to mitigate
    cross-site scripting attacks.
Cause:
    The "httponly" parameter was not set when calling the "setcookie" function
Solution:
    The "httponly" parameter is now set when calling the "setcookie" function
This commit is contained in:
Victor Saisa Lopez
2015-04-20 17:01:38 -04:00
parent bd51761043
commit e1875b1ede
2 changed files with 13 additions and 11 deletions

@@ -10,12 +10,12 @@ register_shutdown_function(
)
);
/*
* ProcessMaker Web Application Bootstrap
*/
ini_set("session.cookie_httponly", 1);
if (isset($_SERVER['UNENCODED_URL'])) {
$_SERVER['REQUEST_URI'] = $_SERVER['UNENCODED_URL'];
}
try {
$rootDir = realpath(__DIR__ . "/../../") . DIRECTORY_SEPARATOR;
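Review bot: The `ini_set("session.cookie_httponly", 1);` call in this hunk only affects the cookie that PHP's own session handling emits, and only if it runs before the session is started, while the commit message describes the fix as passing "httponly" to `setcookie`. Cookies written through explicit `setcookie()` calls are not covered by this ini setting, so each of those calls needs its own httponly argument; only one of the two changed files is visible here, so that cannot be confirmed from this hunk. A short comment above the `ini_set` line stating that it must stay ahead of any `session_start()` would keep a later reorder of the bootstrap from silently dropping the flag.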
@@ -90,3 +90,4 @@ try {
$response = new Maveriks\Http\Response($view->getOutput(), 503);
$response->send();
}