Addressing #371: Added changed suggested in #375

flatpressblog · Apr 15, 2024 · ddfef97 · ddfef97
1 parent 32771f9
commit ddfef97
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 10 deletions.
diff --git a/defaults.php b/defaults.php
@@ -99,7 +99,7 @@
 // here is where all the attachments will be saved
 define('ATTACHS_DIR', FP_CONTENT . 'attachs/');
 
-include(LANG_DIR . 'browserlang.php');
+include (LANG_DIR . 'browserlang.php');
 define('LANG_DEFAULT', $browserLang);
 define('BPT_SORT', SORT_DESC);
 
@@ -127,15 +127,22 @@
 if (isset($_SERVER ['HTTPS'])) {
 	$_SERVER ['HTTPS'] = htmlspecialchars($_SERVER ['HTTPS'], ENT_QUOTES, "UTF-8");
 }
-$serverport = "false";
-// Unterstützung für Apache und IIS
-ini_set('session.cookie_secure', 1);
-ini_set('session.cookie_httponly', 1);
-ini_set('session.cookie_samesite', 'Lax');
+
+// supports Apache and IIS
+$serverport = '';
 if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) {
+	// HTTPS enabled
 	$serverport = "https://";
+	ini_set('session.cookie_httponly', 1);
+	define('COOKIE_PREFIX', '__secure-');
+	ini_set('session.cookie_secure', 1);
+	ini_set('session.cookie_samesite', 'Lax');
 } else {
+	// HTTP only
 	$serverport = "http://";
+	ini_set('session.cookie_httponly', 0);
+	define('COOKIE_PREFIX', '');
+	ini_set('session.cookie_secure', 0);
 }
 
 // compatibility with ISS

diff --git a/fp-includes/core/core.cookie.php b/fp-includes/core/core.cookie.php
@@ -9,11 +9,11 @@ function cookie_setup() {
 		define('COOKIEHASH', $fp_config ['general'] ['blogid']);
 
 	if (!defined('USER_COOKIE'))
-		define('USER_COOKIE', 'fpuser_' . COOKIEHASH);
+		define('USER_COOKIE', COOKIE_PREFIX . 'fpuser_' . COOKIEHASH);
 	if (!defined('PASS_COOKIE'))
-		define('PASS_COOKIE', 'fppass_' . COOKIEHASH);
+		define('PASS_COOKIE', COOKIE_PREFIX . 'fppass_' . COOKIEHASH);
 	if (!defined('SESS_COOKIE'))
-		define('SESS_COOKIE', 'fpsess_' . COOKIEHASH);
+		define('SESS_COOKIE', COOKIE_PREFIX . 'fpsess_' . COOKIEHASH);
 
 	if (!defined('COOKIEPATH'))
 		define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL));

diff --git a/fp-includes/core/core.system.php b/fp-includes/core/core.system.php
@@ -68,7 +68,7 @@ function system_hashsalt_save($force = false) {
 	return true;
 }
 
-define('SYSTEM_VER', '1.3');
+define('SYSTEM_VER', '1.3.1.dev');
 
 function system_ver() {
 	return 'fp-' . SYSTEM_VER;