bugfix
ThomasJanda committed May 25, 2020
1 parent 47e1dc9 commit 88ce864
Showing 4 changed files with 19 additions and 32 deletions.
2 changes: 1 addition & 1 deletion Application/views/admin/de/security_lang.php
@@ -54,7 +54,7 @@

'SHOP_MODULE_GROUP_rs-security_cookie_SameSite' => 'Cookie SameSite',
'SHOP_MODULE_rs-security_cookie_SameSite_enabled' => 'Enabled? (Only use if shop is in SSL mode!)',
'SHOP_MODULE_rs-security_cookie_SameSite' => 'Default: Strict, Other options: None, Lax',
'SHOP_MODULE_rs-security_cookie_SameSite' => 'Default: Lax, Other options: None, Lax, Strict',

/*
'SHOP_MODULE_GROUP_rs-security_cookie_prefix' => 'Cookie prefix',
2 changes: 1 addition & 1 deletion Application/views/admin/en/security_lang.php
@@ -45,7 +45,7 @@
'SHOP_MODULE_rs-security_OtherValue3' => 'Value for the header (3)',
'SHOP_MODULE_GROUP_rs-security_cookie_SameSite' => 'Cookie SameSite',
'SHOP_MODULE_rs-security_cookie_SameSite_enabled' => 'Enabled? (Only use if shop is in SSL mode!)',
'SHOP_MODULE_rs-security_cookie_SameSite' => 'Default: Strict, Other options: None, Lax',
'SHOP_MODULE_rs-security_cookie_SameSite' => 'Default: Lax, Other options: None, Lax, Strict',
/*
'SHOP_MODULE_GROUP_rs-security_cookie_prefix' => 'Cookie prefix',
'SHOP_MODULE_rs-security_cookie_prefix_enabled' => 'Enabled?',
45 changes: 16 additions & 29 deletions Core/UtilsServer.php
@@ -8,15 +8,15 @@ class UtilsServer extends UtilsServer_parent
protected function _rs_security__getCookieSameSite()
{
$oConfig = $this->getConfig();
if(!$this->_rs_security__isSecure()) return "";
if (!$this->_rs_security__isSecure()) return "";

$sSameSite = "";
if ((bool) $oConfig->getConfigParam('rs-security_cookie_SameSite_enabled',
false)) {
$sSameSite = $oConfig->getConfigParam('rs-security_cookie_SameSite',
'');
}

return $sSameSite;
}

@@ -25,8 +25,7 @@ protected function _rs_security__isSecure()
$config = $this->getConfig();
return ($config->isSsl() && $config->getSslShopUrl() == $config->getShopUrl());
}



/**
* sets cookie
*
@@ -46,23 +45,19 @@ public function setOxCookie($sName, $sValue = "", $iExpire = 0,
$blToSession = true, $blSecure = false,
$blHttpOnly = true)
{

$sSameSite = $this->_rs_security__getCookieSameSite();

if($sSameSite=="")
{
return parent::setOxCookie ($sName, $sValue, $iExpire,
$sPath, $sDomain,
$blToSession, $blSecure,
$blHttpOnly);
if ($sSameSite == "") {
return parent::setOxCookie($sName, $sValue, $iExpire, $sPath,
$sDomain, $blToSession, $blSecure, $blHttpOnly);
}

if ($blToSession && !$this->isAdmin()) {
$this->_saveSessionCookie($sName, $sValue, $iExpire, $sPath,
$sDomain);
}

$config = $this->getConfig();
//if shop runs in https only mode we can set secure flag to all cookies
$blSecure = $blSecure || $this->_rs_security__isSecure();

@@ -72,38 +67,30 @@ public function setOxCookie($sName, $sValue = "", $iExpire = 0,
//PHP < 7.3.0

$inject = "";
if($sSameSite!="")
{
if ($sSameSite != "") {
$inject = "; SameSite=".$sSameSite;
}

$ret = setcookie(
$sName,
$sValue,
$iExpire,
$sName, $sValue, $iExpire,
$this->_getCookiePath($sPath).$inject,
$this->_getCookieDomain($sDomain),
$blSecure,
$blHttpOnly
$this->_getCookieDomain($sDomain), $blSecure, $blHttpOnly
);
}
else
{
} else {
//PHP >= 7.3.0

$aParam=[
$aParam = [
'expires' => $iExpire,
'path' => $this->_getCookiePath($sPath),
'domain' => $this->_getCookieDomain($sDomain),
'secure' => $blSecure,
'httponly' => $blHttpOnly
];

if($sSameSite!="")
{

if ($sSameSite != "") {
$aParam['samesite'] = $sSameSite;
}

$ret = setcookie($sName, $sValue, $aParam);
}

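Review bot: The configured SameSite value reaches `setcookie()` without being checked against the three valid tokens, and in the PHP < 7.3 branch it is concatenated into the path argument (`$this->_getCookiePath($sPath).$inject`), so any stray character in the setting, including a `;`, ends up in the Set-Cookie header as written. `_rs_security__getCookieSameSite()` should hand the value back only when it is one of the three, for example `if (!in_array($sSameSite, ['None', 'Lax', 'Strict'], true)) return "";` placed just before `return $sSameSite;`. The two inner `if ($sSameSite != "")` checks are always true after the early return at the top of `setOxCookie()` and could be dropped. The body of `setOxCookie()` continues outside the visible hunks, so what happens to `$ret` cannot be judged from here.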
2 changes: 1 addition & 1 deletion metadata.php
@@ -233,7 +233,7 @@
'group' => 'rs-security_cookie_SameSite',
'name' => 'rs-security_cookie_SameSite',
'type' => 'str',
'value' => 'Strict',
'value' => 'Lax',
),

/* ----- */
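Review bot: The setting stays a free-text `'type' => 'str'`, so nothing ties the stored value to the three options the help text names (None, Lax, Strict), and a typo would be sent in the cookie header unchanged. If the targeted shop version supports it, declaring the entry as `'type' => 'select'` with `'constraints' => 'None|Lax|Strict'` would close that gap at the source. The new default `Lax` still sends the session cookie on top-level cross-site GET navigations, so it is worth stating in the module docs that state-changing GET requests lose the protection `Strict` gave them. Shops that already saved the old default presumably keep `Strict` after updating; the array entry itself starts above the visible hunk.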
