Merge pull request #461 from VitorVieira20/fix/cookies

fix: add secure and httponly flags to cookies and also add samsite 'l…
LibreBooking · Dec 9, 2024 · 9978bf2 · 9978bf2
2 parents 502829f + fcdf590
commit 9978bf2
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 5 deletions.
diff --git a/Web/scripts/schedule.js b/Web/scripts/schedule.js
@@ -853,8 +853,23 @@ function Schedule(opts, resourceGroups) {
     this.initRotateSchedule = function () {
         $('#schedule-actions .schedule-style').click(function (e) {
             e.preventDefault();
-            createCookie(opts.cookieName, $(this).attr('schedule-display'), 30, opts.scriptUrl);
-            window.location.reload();
+
+            var scheduleDisplay = $(this).attr('schedule-display');
+
+            // Validate if schedule-display is an integer
+            var isInteger = /^[0-9]+$/.test(scheduleDisplay);
+
+            if (isInteger) {
+
+                // If is valid cerate a normal cookie
+                createCookie(opts.cookieName, parseInt(scheduleDisplay, 10), 30, opts.scriptUrl);
+                window.location.reload();
+            } else {
+
+                // Otherwise create a cookie with value 0
+                createCookie(opts.cookieName, 0, 30, opts.scriptUrl);
+                window.location.reload();
+            }
         });
     };
 

diff --git a/lib/Server/Cookie.php b/lib/Server/Cookie.php
@@ -9,8 +9,11 @@ class Cookie
     public $Value;
     public $Expiration;
     public $Path;
+    public $Secure;
+    public $HttpOnly;
+    public $SameSite;
 
-    public function __construct($name, $value, $expiration = null, $path = null)
+    public function __construct($name, $value, $expiration = null, $path = null, $secure = true, $httpOnly = true, $sameSite = 'Lax')
     {
         if (is_null($expiration)) {
             $expiration = Date::Now()->AddDays(30)->TimeStamp();
@@ -29,6 +32,9 @@ public function __construct($name, $value, $expiration = null, $path = null)
         $this->Value = $value;
         $this->Expiration = $expiration;    // date(DATE_COOKIE, $expiration);
         $this->Path = $path;
+        $this->Secure = $secure;
+        $this->HttpOnly = $httpOnly;
+        $this->SameSite = $sameSite;
     }
 
     public function Delete()

diff --git a/lib/Server/Server.php b/lib/Server/Server.php
@@ -10,8 +10,17 @@ public function __construct()
 
     public function SetCookie(Cookie $cookie)
     {
-        setcookie($cookie->Name, $cookie->Value, $cookie->Expiration, $cookie->Path);
-    }
+        setcookie(
+            $cookie->Name, 
+            $cookie->Value, 
+            [
+                'expires' => $cookie->Expiration,
+                'path' => $cookie->Path,
+                'secure' => $cookie->Secure,
+                'httponly' => $cookie->HttpOnly,
+                'samesite' => $cookie->SameSite
+            ]
+        );    }
 
     public function DeleteCookie(Cookie $cookie)
     {