diff --git a/workflow/engine/classes/model/DashletInstance.php b/workflow/engine/classes/model/DashletInstance.php index 7ab5f5782..bc3f4f4b5 100644 --- a/workflow/engine/classes/model/DashletInstance.php +++ b/workflow/engine/classes/model/DashletInstance.php @@ -18,7 +18,7 @@ class DashletInstance extends BaseDashletInstance { private $filterThisFields = array('DAS_INS_UID', 'DAS_UID', 'DAS_INS_OWNER_TYPE', 'DAS_INS_OWNER_UID', 'DAS_INS_CREATE_DATE', 'DAS_INS_UPDATE_DATE', 'DAS_INS_STATUS', - 'pmos_generik', 'ys-admin-tabpanel', 'PHPSESSID'); + "pm_sys_sys", "ys-admin-tabpanel", "PHPSESSID"); public function load($dasInsUid) { diff --git a/workflow/engine/classes/triggers/api/class.zimbraApi.php b/workflow/engine/classes/triggers/api/class.zimbraApi.php index ea3b840a9..c4470cc5b 100644 --- a/workflow/engine/classes/triggers/api/class.zimbraApi.php +++ b/workflow/engine/classes/triggers/api/class.zimbraApi.php @@ -77,7 +77,11 @@ class Zimbra public function sso($options = '') { if ($this->_username) { - setcookie('ZM_SKIN', 'plymouth', time() + 60 * 60 * 24 * 30, '/', '.plymouth.edu'); + if (PHP_VERSION < 5.2) { + setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu"); + } else { + setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", false, true); + } $pre_auth = $this->getPreAuth($this->_username); $url = $this->_protocol . '/service/preauth?account=' . $this->_username . '@' . $this->_server . '&expires=' . $this->_preauth_expiration . '×tamp=' . $this->_timestamp . '&preauth=' . $pre_auth; //.'&'.$options; @@ -828,7 +832,7 @@ class Zimbra { G::LoadSystem('inputfilter'); $filter = new InputFilter(); - + if (!$connecting && !$this->_connected) { throw new Exception('zimbra.class: soapRequest called without a connection to Zimbra server'); } diff --git a/workflow/engine/methods/login/login.php b/workflow/engine/methods/login/login.php index a358cf1f8..d8d9aadea 100755 
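Review bot: The version guard added in `sso()` compares the string `PHP_VERSION` with the float `5.2`, which relies on PHP's loose string-to-number comparison rather than on version ordering; `if (version_compare(PHP_VERSION, '5.2.0', '<')) {` states the intent directly, and the same guard appears in the login.php hunk. In the `else` branch the sixth argument hard-codes `secure` to `false`, so the cookie is still sent over plain HTTP even though HttpOnly is now set. The same literal is used in the login.php, Light.php and OAuth2/Server.php hunks, where it could be derived from the request scheme instead. The pre-5.2 branch here sets no HttpOnly at all, while the login.php fallback passes `"; HttpOnly"` through the domain argument, so the two fallbacks are inconsistent. `sso()` continues outside the hunk.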
--- a/workflow/engine/methods/login/login.php +++ b/workflow/engine/methods/login/login.php @@ -125,7 +125,11 @@ if (isset ($_SESSION['USER_LOGGED'])) { session_start(); session_regenerate_id(); -setcookie("workspaceSkin", SYS_SKIN, time() + 24*60*60, "/sys".SYS_SYS); +if (PHP_VERSION < 5.2) { + setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . SYS_SYS, "; HttpOnly"); +} else { + setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . SYS_SYS, null, false, true); +} if (strlen($msg) > 0) { $_SESSION['G_MESSAGE'] = $msg; diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php index a45f086d1..97d42f082 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php @@ -555,7 +555,7 @@ class Light session_start(); session_regenerate_id(); - setcookie("workspaceSkin", SYS_SKIN, time() + 24*60*60, "/sys".SYS_SYS); + setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . SYS_SYS, null, false, true); if (strlen($msg) > 0) { $_SESSION['G_MESSAGE'] = $msg; @@ -811,3 +811,4 @@ class Light return $response; } } + diff --git a/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php b/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php index 1a9c154f4..8276c1d46 100644 --- a/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php +++ b/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php @@ -355,7 +355,7 @@ class Server implements iAuthenticate $lifetime = 1440; } - setcookie($session->getSessionName(), $_COOKIE[$session->getSessionName()], time() + $lifetime, "/"); + setcookie($session->getSessionName(), $_COOKIE[$session->getSessionName()], time() + $lifetime, "/", null, false, true); } } diff --git a/workflow/engine/xmlform/login/sysLogin.xml b/workflow/engine/xmlform/login/sysLogin.xml index 0a85100f3..613e3dc3d 100755 
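Review bot: The pre-5.2 branch passes `"; HttpOnly"` as the domain argument of `setcookie()`, which a reader will take for a mistake unless it is explained; a comment such as `// PHP < 5.2 has no httponly parameter, so the attribute is appended through the domain argument` would record the intent. The `else` branch passes `null` for the domain, and on PHP 8.1 and later passing null to a non-nullable built-in parameter is deprecated, so the documented default `''` is the safer value: `setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . SYS_SYS, "", false, true);`. The Light.php and OAuth2/Server.php hunks pass `null` in the same position. The script continues outside the hunk.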
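Review bot: The value written back into the session cookie is read from `$_COOKIE[$session->getSessionName()]`, which is client-supplied and may be absent; nothing in the hunk checks that the key exists or that it matches the active session id. If a PHP session is already started at this point (not visible here), taking the value from the server side avoids re-issuing whatever the client sent: `setcookie($session->getSessionName(), session_id(), time() + $lifetime, "/", "", false, true);`. The enclosing method starts outside the hunk, so an `isset` check may already exist above these lines.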
--- a/workflow/engine/xmlform/login/sysLogin.xml +++ b/workflow/engine/xmlform/login/sysLogin.xml @@ -26,8 +26,7 @@ SELECT LANG_ID, LANG_NAME FROM langOptions setFocus (getField ('USR_USERNAME')); leimnud.event.add(document.getElementById('form[BSUBMIT]'), 'click', function() { - ws = getField('USER_ENV').value; - createCookie('pmos_generik2', '{"ws":"'+ws+'"}', 365); + createCookie("pm_sys_sys", "{\"sys_sys\": \"" + getField("USER_ENV").value + "\"}", 365); var client = getBrowserClient(); if (client.browser == "msie" || client.browser == "safari"){ @@ -36,12 +35,14 @@ leimnud.event.add(document.getElementById('form[BSUBMIT]'), 'click', function() }.extend(document.getElementById('form[BSUBMIT]'))); try{ - c = new String(readCookie('pmos_generik2')); - o = eval("("+c+")"); - if( o != null){ - getField('USER_ENV').value = o.ws; + var s = new String(readCookie("pm_sys_sys")); + var obj = eval("(" + s + ")"); + + if (obj != null) { + getField("USER_ENV").value = obj.sys_sys; } } catch(e){} ]]> + diff --git a/workflow/engine/xmlform/login/sysLoginNoWS.xml b/workflow/engine/xmlform/login/sysLoginNoWS.xml index 54ec779db..4a6bda2ce 100755 --- a/workflow/engine/xmlform/login/sysLoginNoWS.xml +++ b/workflow/engine/xmlform/login/sysLoginNoWS.xml @@ -42,8 +42,7 @@ leimnud.event.add(document.getElementById('form[USR_PASSWORD_MASK]'), 'keypress' }); leimnud.event.add(document.getElementById('form[BSUBMIT]'), 'click', function() { - ws = getField('USER_ENV').value; - createCookie('pmos_generik2', '{"ws":"'+ws+'"}', 365); + createCookie("pm_sys_sys", "{\"sys_sys\": \"" + getField("USER_ENV").value + "\"}", 365); /* var client = getBrowserClient(); 
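Review bot: The cookie value in the click handler is built by concatenating `getField("USER_ENV").value` into a JSON-looking string with no escaping, so a workspace name containing a double quote or a backslash produces a value that no longer parses, and that string is later handed to `eval`. Serialising the object avoids this: `createCookie("pm_sys_sys", JSON.stringify({sys_sys: getField("USER_ENV").value}), 365);`, assuming the supported browsers provide `JSON`, which cannot be confirmed from this page. The sysLoginNoWS.xml hunk at `@@ -42,8 +42,7 @@` contains the same line. The handler body continues outside the hunk.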
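Review bot: The rewritten block still runs `eval("(" + s + ")")` on the contents of the `pm_sys_sys` cookie, so whatever is able to write that cookie has its content executed as script on the login page. Parsing instead of evaluating removes that: `var obj = JSON.parse(s);` inside the existing `try`. The `obj != null` check keeps working, because `new String(readCookie(...))` yields the text `null` when the cookie is missing, assuming `readCookie` returns null in that case. The empty `catch(e){}` will keep hiding malformed values, which is tolerable for a remembered-workspace hint but deserves a one-line comment. The sysLoginNoWS.xml hunk at `@@ -59,12 +58,14 @@` has the same code.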
@@ -59,12 +58,14 @@ leimnud.event.add(document.getElementById('form[BSUBMIT]'), 'click', function() }.extend(document.getElementById('form[BSUBMIT]'))); try{ - c = new String(readCookie('pmos_generik2')); - o = eval("("+c+")"); - if( o != null){ - getField('USER_ENV').value = o.ws; + var s = new String(readCookie("pm_sys_sys")); + var obj = eval("(" + s + ")"); + + if (obj != null) { + getField("USER_ENV").value = obj.sys_sys; } } catch(e){} ]]> + diff --git a/workflow/engine/xmlform/login/sysLoginNoWSpm3.xml b/workflow/engine/xmlform/login/sysLoginNoWSpm3.xml index 5dd893ede..57e307f7a 100755 --- a/workflow/engine/xmlform/login/sysLoginNoWSpm3.xml +++ b/workflow/engine/xmlform/login/sysLoginNoWSpm3.xml @@ -24,12 +24,12 @@ SELECT LANG_ID, LANG_NAME FROM langOptions + diff --git a/workflow/public_html/app.php b/workflow/public_html/app.php index 63738c8c7..5d0a98a10 100644 --- a/workflow/public_html/app.php +++ b/workflow/public_html/app.php @@ -10,12 +10,12 @@ register_shutdown_function( ) ); -/* - * ProcessMaker Web Application Bootstrap - */ +ini_set("session.cookie_httponly", 1); + if (isset($_SERVER['UNENCODED_URL'])) { $_SERVER['REQUEST_URI'] = $_SERVER['UNENCODED_URL']; } + try { $rootDir = realpath(__DIR__ . "/../../") . DIRECTORY_SEPARATOR; @@ -90,3 +90,4 @@ try { $response = new Maveriks\Http\Response($view->getOutput(), 503); $response->send(); } +
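Review bot: The app.php hunk deletes the `ProcessMaker Web Application Bootstrap` header comment and adds `ini_set("session.cookie_httponly", 1);` with nothing to say why it sits at the top of the file. A comment such as `// Session cookie must be HttpOnly; set before any session_start() so the setting applies` would record the ordering requirement, and the original header comment could be kept above it. The return value of `ini_set()` is not checked, so a host that forbids changing this directive would fail silently; whether that matters depends on the deployment and is not visible here.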