List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[14917] branches/SM-1_4-STABLE/squirrelmail/ functions/global.php
From: pdontthink--- via squirrelmail-cvs <squirrelmail-cvs () lists ! sourceforge ! net>
Date: 2021-05-07 8:56:16
Message-ID: 1620377776.409724.24474 () sfp-scm-7 ! v30 ! lw ! sourceforge ! com
Revision: 14917
http://sourceforge.net/p/squirrelmail/code/14917
Author: pdontthink
Date: 2021-05-07 08:56:16 +0000 (Fri, 07 May 2021)
Log Message:
-----------
Add cookie SameSite attribute; uses default of "Strict" but can be overridden by $same_site_cookies in config_local.php
Modified Paths:
--------------
branches/SM-1_4-STABLE/squirrelmail/functions/global.php
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/global.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/global.php 2021-04-18 08:32:35 UTC \
(rev 14916)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/global.php 2021-05-07 08:56:16 UTC \
(rev 14917) @@ -506,6 +506,16 @@
* transmitted over a secure HTTPS connection.
* @param boolean $bHttpOnly Disallow JS to access the cookie (IE6/FF2)
* @param boolean $bReplace Replace previous cookies with same name?
+ * @param string $sSameSite Optional override of the default SameSite
+ * cookie policy detemined from the global
+ * configuration item $same_site_cookies
+ * (which can be set in config/config_local.php)
+ * (should be NULL to accept the configured global
+ * default or one of "Lax" "Strict" or "None"
+ * but "None" will not work if $bSecure is FALSE.
+ * Can also be set set to an empty string in order
+ * to NOT specify the SameSite cookie attribute at
+ * all and accept whatever the browser default is)
*
* @return void
*
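Review bot: The new $sSameSite docblock entry is hard to read as written: "detemined" should be "determined", "set set" is doubled, the value list `"Lax" "Strict" or "None"` has no commas, and the parenthesis opened at "(should be NULL" only closes after the last sentence, so the "None"/$bSecure caveat and the empty-string case run into the value list. Suggest listing the cases separately (NULL = use the global default, "Lax", "Strict" or "None" = explicit policy, empty string = omit the attribute) and putting the $bSecure caveat in its own sentence.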
@@ -513,7 +523,7 @@
*
*/
function sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain="",
- $bSecure=false, $bHttpOnly=true, $bReplace=false) {
+ $bSecure=false, $bHttpOnly=true, $bReplace=false, \
$sSameSite=NULL) {
// some environments can get overwhelmed by an excessive
// setting of the same cookie over and over (e.g., many
@@ -548,6 +558,21 @@
if (!$only_secure_cookies)
$bSecure = false;
+ // use global SameSite setting, but allow override
+ // The global $same_site_cookies (for which an override value
+ // can be specified in config/config_local.php) defaults to
+ // "Strict" when it is NULL (when not given in the config file),
+ // or can be manually set to "Lax" "Strict" or "None" if desired
+ // or can be set to an empty string in order to not specify
+ // SameSite at all and use the browser default
+ if (is_null($sSameSite)) {
+ global $same_site_cookies;
+ if (is_null($same_site_cookies))
+ $sSameSite = 'Strict';
+ else
+ $sSameSite = $same_site_cookies;
+ }
+
if (false && check_php_version(5,2)) {
// php 5 supports the httponly attribute in setcookie, but because setcookie \
seems a bit
// broken we use the header function for php 5.2 as well. We might change \
that later. @@ -568,7 +593,8 @@
. (empty($sPath) ? '' : '; path=' . $sPath)
. (empty($sDomain) ? '' : '; domain=' . $sDomain)
. (!$bSecure ? '' : '; secure')
- . (!$bHttpOnly ? '' : '; HttpOnly'), $bReplace);
+ . (!$bHttpOnly ? '' : '; HttpOnly')
+ . (empty($sSameSite) ? '' : '; SameSite=' . $sSameSite), \
$bReplace); }
}
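Review bot: In the @@ -548,6 +558,21 @@ hunk, the resolved $sSameSite is never reconciled with $bSecure, even though the two context lines directly above the added block can force `$bSecure = false` when $only_secure_cookies is off, and the docblock added in this same commit states that "None" will not work if $bSecure is FALSE. After the `is_null($sSameSite)` block, handle the case where $sSameSite is "None" and $bSecure is false explicitly, for example by falling back to the 'Strict' default or omitting the attribute, instead of sending a combination the function's own documentation says does not work.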
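Review bot: In the @@ -568,7 +593,8 @@ hunk, `'; SameSite=' . $sSameSite` puts the value into the Set-Cookie header without checking it against the three values the docblock allows, so a misspelled $same_site_cookies in config_local.php or an arbitrary string from a caller is sent verbatim, and a ';' inside it would begin another cookie attribute. Suggest accepting only "Lax", "Strict" or "None" (compared case-insensitively) plus the empty string before this concatenation, and using the 'Strict' default for anything else. Note also that the `empty()` test treats the string "0" the same as the documented empty-string opt-out.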
Repository: http://squirrelmail.org/svn