From: Andrew Garrett
Date: Tue, 15 Apr 2008 00:06:32 +0000 (+0000)
Subject: Allow setting httponly on auth cookies.
X-Git-Tag: 1.31.0-rc.0~48328
X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/supprimer.php?a=commitdiff_plain;h=32bb81359b5626af47c670e96cdc38480331e8cd;p=lhc%2Fweb%2Fwiklou.git
Allow setting httponly on auth cookies.
---
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 9dde253fee..b0aef12516 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1496,6 +1496,7 @@ $wgCookieDomain = '';
 $wgCookiePath = '/';
 $wgCookieSecure = ($wgProto == 'https');
 $wgDisableCookieCheck = false;
+$wgCookieHttpOnly = true;
 /** A list of cookies that vary the cache (for use by extensions) */
 $wgCacheVaryCookies = array();
diff --git a/includes/User.php b/includes/User.php
index b3a839e865..686a8f8506 100644
--- a/includes/User.php
+++ b/includes/User.php
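Review bot: `$wgCookieHttpOnly` defaults to `true` unconditionally, but the seventh `setcookie()` argument it feeds in `User::setCookies()` (the includes/User.php hunk of this commit) exists only from PHP 5.2.0; on an older interpreter the seven-argument call is rejected with a parameter-count warning and the login cookies would not be set. If older PHP versions are still supported, which this page does not show, derive the default from the runtime, e.g. `$wgCookieHttpOnly = version_compare( PHP_VERSION, '5.2.0', '>=' );`. The new setting also has no doc comment, unlike `$wgCacheVaryCookies` just below; something like `/** Send the HttpOnly attribute on login cookies so page scripts cannot read them (needs PHP 5.2.0+) */` would do.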
@@ -1968,20 +1968,20 @@ class User {
 }
 function setCookies() {
- global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookiePrefix;
+ global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookiePrefix, $wgCookieHttpOnly;;
 $this->load();
 if ( 0 == $this->mId ) return;
 $exp = time() + $wgCookieExpiration;
 $_SESSION['wsUserID'] = $this->mId;
- setcookie( $wgCookiePrefix.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+ setcookie( $wgCookiePrefix.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly );
 $_SESSION['wsUserName'] = $this->getName();
- setcookie( $wgCookiePrefix.'UserName', $this->getName(), $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+ setcookie( $wgCookiePrefix.'UserName', $this->getName(), $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly );
 $_SESSION['wsToken'] = $this->mToken;
 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
- setcookie( $wgCookiePrefix.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+ setcookie( $wgCookiePrefix.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly );
 } else {
 setcookie( $wgCookiePrefix.'Token', '', time() - 3600 );
 }
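Review bot: Only the three cookies written in `setCookies()` gain the HttpOnly attribute; the PHP session cookie, whose session holds `wsUserID` and `wsToken`, is set up outside this hunk and presumably still goes out without it, so a script injected into a page could still read the session identifier. Passing the same flag where the session is started, via the httponly parameter of `session_set_cookie_params()`, would close that gap. The `global` line now ends in `;;`; drop the extra semicolon. `setCookies()` continues past the end of the hunk, and the unchanged `else` branch expires the Token cookie without `$wgCookiePath`/`$wgCookieDomain`, so it is worth confirming that the deletion matches the cookie set above.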