From fcdf590a3868749a56a7025bc02a9f572dec7014 Mon Sep 17 00:00:00 2001
From: VitorVieira20
Date: Thu, 5 Dec 2024 09:12:46 +0000
Subject: [PATCH] fix: add secure and httponly flags to cookies and also add samsite 'lax' to them

---
 Web/scripts/schedule.js | 19 +++++++++++++++++--
 lib/Server/Cookie.php | 8 +++++++-
 lib/Server/Server.php | 13 +++++++++++--
 3 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/Web/scripts/schedule.js b/Web/scripts/schedule.js
index 95ed859be..0e44bd2e3 100644
--- a/Web/scripts/schedule.js
+++ b/Web/scripts/schedule.js
@@ -853,8 +853,23 @@ function Schedule(opts, resourceGroups) {
 this.initRotateSchedule = function () {
 $('#schedule-actions .schedule-style').click(function (e) {
 e.preventDefault();
- createCookie(opts.cookieName, $(this).attr('schedule-display'), 30, opts.scriptUrl);
- window.location.reload();
+
+ var scheduleDisplay = $(this).attr('schedule-display');
+
+ // Validate if schedule-display is an integer
+ var isInteger = /^[0-9]+$/.test(scheduleDisplay);
+
+ if (isInteger) {
+
+ // If is valid cerate a normal cookie
+ createCookie(opts.cookieName, parseInt(scheduleDisplay, 10), 30, opts.scriptUrl);
+ window.location.reload();
+ } else {
+
+ // Otherwise create a cookie with value 0
+ createCookie(opts.cookieName, 0, 30, opts.scriptUrl);
+ window.location.reload();
+ }
 });
 };
 
diff --git a/lib/Server/Cookie.php b/lib/Server/Cookie.php
index 411004910..1a535286d 100644
--- a/lib/Server/Cookie.php
+++ b/lib/Server/Cookie.php
@@ -9,8 +9,11 @@ class Cookie
 public $Value;
 public $Expiration;
 public $Path;
+ public $Secure;
+ public $HttpOnly;
+ public $SameSite;
 
- public function __construct($name, $value, $expiration = null, $path = null)
+ public function __construct($name, $value, $expiration = null, $path = null, $secure = true, $httpOnly = true, $sameSite = 'Lax')
 {
 if (is_null($expiration)) {
 $expiration = Date::Now()->AddDays(30)->TimeStamp();
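Review bot: The two branches of the new `if (isInteger)` differ only in the cookie value, so the duplicated `createCookie`/`window.location.reload()` pair can collapse to `var value = isInteger ? parseInt(scheduleDisplay, 10) : 0;` followed by a single `createCookie(opts.cookieName, value, 30, opts.scriptUrl);` and `window.location.reload();`. Because this regex check runs in the browser it is a usability guard, not a security control: whatever reads the `opts.cookieName` cookie on the server must still validate the value, since a client can write any cookie value directly. `createCookie` is defined outside the hunk; if it writes `document.cookie` it cannot set `HttpOnly`, and whether it adds `Secure`/`SameSite` is not visible here, so the flags named in the commit subject do not cover this cookie. The comment typo `cerate` should read `create`.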
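Review bot: The new `$secure = true` default on the constructor means browsers will only send the cookie over HTTPS, so on a plain-HTTP deployment (local development, or a proxy that terminates TLS without the application knowing) every cookie-backed feature silently stops working; consider letting configuration or the detected request scheme supply the default instead of hard-coding `true`. `$sameSite` is stored unchecked: `setcookie()` accepts only `Lax`, `Strict` or `None`, and browsers discard a `None` cookie that lacks `Secure`, so a guard such as `if ($sameSite === 'None' && !$secure) { throw new \InvalidArgumentException('SameSite=None requires Secure'); }` would catch that misconfiguration at construction time. The constructor also lacks a docblock for the three new parameters; a `@param bool $secure`, `@param bool $httpOnly`, `@param string $sameSite` block stating the defaults would document the contract. The second hunk in this file (`$this->Secure = $secure;` and following) only stores the values and needs no separate change. The constructor body continues past the end of the hunk.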
@@ -29,6 +32,9 @@ public function __construct($name, $value, $expiration = null, $path = null)
 $this->Value = $value;
 $this->Expiration = $expiration; // date(DATE_COOKIE, $expiration);
 $this->Path = $path;
+ $this->Secure = $secure;
+ $this->HttpOnly = $httpOnly;
+ $this->SameSite = $sameSite;
 }
 
 public function Delete()
diff --git a/lib/Server/Server.php b/lib/Server/Server.php
index 3a8a3987a..4966d78a5 100644
--- a/lib/Server/Server.php
+++ b/lib/Server/Server.php
@@ -10,8 +10,17 @@ public function __construct()
 
 public function SetCookie(Cookie $cookie)
 {
- setcookie($cookie->Name, $cookie->Value, $cookie->Expiration, $cookie->Path);
- }
+ setcookie(
+ $cookie->Name,
+ $cookie->Value,
+ [
+ 'expires' => $cookie->Expiration,
+ 'path' => $cookie->Path,
+ 'secure' => $cookie->Secure,
+ 'httponly' => $cookie->HttpOnly,
+ 'samesite' => $cookie->SameSite
+ ]
+ );
 }
 public function DeleteCookie(Cookie $cookie)
 {
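Review bot: The options-array form of `setcookie()` introduced in `SetCookie` requires PHP 7.3 or newer; on an older runtime the array lands in the integer `expires` slot and the call fails with a type warning instead of setting any cookie, so either state the minimum PHP version in the project's requirements or guard on `PHP_VERSION_ID >= 70300` with the positional call as the fallback. `DeleteCookie` starts in the trailing context and its body is outside the hunk; if it still uses the positional form, the expiring cookie must at least match the `path` used here or the browser keeps the original. `$cookie->SameSite` is passed through unvalidated, and `setcookie()` rejects values other than `Lax`, `Strict` or `None` rather than sending a cookie, so it is worth validating the value once where the Cookie is built. Per PER-CS the multi-line array should end with a trailing comma: `'samesite' => $cookie->SameSite,`.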