From 88ce86416209c70cf514fc0d083a02bc9b1cfce8 Mon Sep 17 00:00:00 2001
From: ThomasJanda
Date: Mon, 25 May 2020 23:51:41 +0200
Subject: [PATCH] bugfix

---
 Application/views/admin/de/security_lang.php | 2 +-
 Application/views/admin/en/security_lang.php | 2 +-
 Core/UtilsServer.php | 45 +++++++-------------
 metadata.php | 2 +-
 4 files changed, 19 insertions(+), 32 deletions(-)

diff --git a/Application/views/admin/de/security_lang.php b/Application/views/admin/de/security_lang.php
index f48bb06..24a438c 100755
--- a/Application/views/admin/de/security_lang.php
+++ b/Application/views/admin/de/security_lang.php
@@ -54,7 +54,7 @@
 'SHOP_MODULE_GROUP_rs-security_cookie_SameSite' => 'Cookie SameSite',
 'SHOP_MODULE_rs-security_cookie_SameSite_enabled' => 'Enabled? (Only use if shop is in SSL mode!)',
- 'SHOP_MODULE_rs-security_cookie_SameSite' => 'Default: Strict, Other options: None, Lax',
+ 'SHOP_MODULE_rs-security_cookie_SameSite' => 'Default: Lax, Other options: None, Lax, Strict',
 /*
 'SHOP_MODULE_GROUP_rs-security_cookie_prefix' => 'Cookie prefix',
diff --git a/Application/views/admin/en/security_lang.php b/Application/views/admin/en/security_lang.php
index aac6056..03581ea 100755
--- a/Application/views/admin/en/security_lang.php
+++ b/Application/views/admin/en/security_lang.php
@@ -45,7 +45,7 @@
 'SHOP_MODULE_rs-security_OtherValue3' => 'Value for the header (3)',
 'SHOP_MODULE_GROUP_rs-security_cookie_SameSite' => 'Cookie SameSite',
 'SHOP_MODULE_rs-security_cookie_SameSite_enabled' => 'Enabled? (Only use if shop is in SSL mode!)',
- 'SHOP_MODULE_rs-security_cookie_SameSite' => 'Default: Strict, Other options: None, Lax',
+ 'SHOP_MODULE_rs-security_cookie_SameSite' => 'Default: Lax, Other options: None, Lax, Strict',
 /*
 'SHOP_MODULE_GROUP_rs-security_cookie_prefix' => 'Cookie prefix',
 'SHOP_MODULE_rs-security_cookie_prefix_enabled' => 'Enabled?',
diff --git a/Core/UtilsServer.php b/Core/UtilsServer.php
index bcd2c31..82cf02d 100644
--- a/Core/UtilsServer.php
+++ b/Core/UtilsServer.php
@@ -8,15 +8,15 @@ class UtilsServer extends UtilsServer_parent
 protected function _rs_security__getCookieSameSite()
 {
 $oConfig = $this->getConfig();
- if(!$this->_rs_security__isSecure()) return "";
-
+ if (!$this->_rs_security__isSecure()) return "";
+
 $sSameSite = "";
 if ((bool) $oConfig->getConfigParam('rs-security_cookie_SameSite_enabled', false)) {
 $sSameSite = $oConfig->getConfigParam('rs-security_cookie_SameSite', '');
 }
-
+
 return $sSameSite;
 }
@@ -25,8 +25,7 @@ protected function _rs_security__isSecure()
 $config = $this->getConfig();
 return ($config->isSsl() && $config->getSslShopUrl() == $config->getShopUrl());
 }
-
-
+
 /**
 * sets cookie
 *
@@ -46,15 +45,12 @@ public function setOxCookie($sName, $sValue = "", $iExpire = 0,
 $blToSession = true, $blSecure = false, $blHttpOnly = true)
 {
-
+
 $sSameSite = $this->_rs_security__getCookieSameSite();
- if($sSameSite=="")
- {
- return parent::setOxCookie ($sName, $sValue, $iExpire,
- $sPath, $sDomain,
- $blToSession, $blSecure,
- $blHttpOnly);
+ if ($sSameSite == "") {
+ return parent::setOxCookie($sName, $sValue, $iExpire, $sPath,
+ $sDomain, $blToSession, $blSecure, $blHttpOnly);
 }
 if ($blToSession && !$this->isAdmin()) {
@@ -62,7 +58,6 @@ public function setOxCookie($sName, $sValue = "", $iExpire = 0,
 $sDomain);
 }
- $config = $this->getConfig();
 //if shop runs in https only mode we can set secure flag to all cookies
 $blSecure = $blSecure || $this->_rs_security__isSecure();
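Review bot: `_rs_security__getCookieSameSite()` returns the raw `rs-security_cookie_SameSite` config string without checking it against the three values the admin text now advertises (None, Lax, Strict), and the caller later concatenates that string into the cookie header (`"; SameSite=".$sSameSite` on the PHP < 7.3 path, `$aParam['samesite']` otherwise). A mistyped or unexpected value may be rejected by setcookie() or may reach the browser as an unrecognised attribute and be ignored, so the protection the setting promises would silently not apply. Normalising here keeps the allow-list in one place, e.g. before the return: `if (!in_array($sSameSite, ['None', 'Lax', 'Strict'], true)) { $sSameSite = ""; }`. The other edits in this hunk are whitespace only.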
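Review bot: The early-return guard `if ($sSameSite == "")` in the @@ -46 hunk uses a loose comparison for what is a plain string check; `if ($sSameSite === "") {` is the conventional form, and the same applies to the two `$sSameSite != ""` guards in the @@ -72 hunk. The surrounding `setOxCookie()` body starts before and continues past this hunk, so the removal of `$config = $this->getConfig();` in the @@ -62 hunk is safe only if `$config` is not referenced in the lines between the hunks that are not shown here — worth a quick grep before merging.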
@@ -72,38 +67,30 @@ public function setOxCookie($sName, $sValue = "", $iExpire = 0,
 //PHP < 7.3.0
 $inject = "";
- if($sSameSite!="")
- {
+ if ($sSameSite != "") {
 $inject = "; SameSite=".$sSameSite;
 }
 $ret = setcookie(
- $sName,
- $sValue,
- $iExpire,
+ $sName, $sValue, $iExpire,
 $this->_getCookiePath($sPath).$inject,
- $this->_getCookieDomain($sDomain),
- $blSecure,
- $blHttpOnly
+ $this->_getCookieDomain($sDomain), $blSecure, $blHttpOnly
 );
- }
- else
- {
+ } else {
 //PHP >= 7.3.0
- $aParam=[
+ $aParam = [
 'expires' => $iExpire,
 'path' => $this->_getCookiePath($sPath),
 'domain' => $this->_getCookieDomain($sDomain),
 'secure' => $blSecure,
 'httponly' => $blHttpOnly
 ];
-
- if($sSameSite!="")
- {
+
+ if ($sSameSite != "") {
 $aParam['samesite'] = $sSameSite;
 }
-
+
 $ret = setcookie($sName, $sValue, $aParam);
 }
diff --git a/metadata.php b/metadata.php
index d95fc8f..f2ae155 100755
--- a/metadata.php
+++ b/metadata.php
@@ -233,7 +233,7 @@
 'group' => 'rs-security_cookie_SameSite',
 'name' => 'rs-security_cookie_SameSite',
 'type' => 'str',
- 'value' => 'Strict',
+ 'value' => 'Lax',
 ),
 /* ----- */
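Review bot: Both `if ($sSameSite != "")` guards in this hunk appear to be always true, because `setOxCookie()` already returns via `parent::setOxCookie()` when `$sSameSite` is empty earlier in the same function (the @@ -46 hunk) — unless the variable is reassigned in the lines between the hunks that are not shown. As written, the guards suggest SameSite is optional on this path and hide that this branch exists only to add the attribute; `$inject = "; SameSite=" . $sSameSite;` in the PHP < 7.3 branch and `'samesite' => $sSameSite,` inside the `$aParam` literal would state that directly. The `if`/`else` on the PHP version that encloses this code begins before the hunk.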
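Review bot: `'type' => 'str'` leaves `rs-security_cookie_SameSite` a free-text admin field although its value is emitted straight into the Set-Cookie attribute and the admin text only documents None, Lax and Strict; a `'type' => 'select'` setting whose constraints list exactly those three values would keep unsupported spellings out of the header at the point of entry. Changing the shipped default from Strict to Lax also relaxes cross-site request handling for fresh activations, which the one-word commit message does not explain; a sentence in the description on why Lax was chosen would help future readers. Installations that already stored a value presumably keep it, so this should affect new activations only — worth confirming.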