
Regard whitespace Rev 1343 → Rev 1344

/trunk/doc/config_values.md
456,7 → 456,7
 
### COOKIE_DOMAIN
 
OIDplus::baseConfig()->setValue('COOKIE_DOMAIN', '');
OIDplus::baseConfig()->setValue('COOKIE_DOMAIN', '(auto)');
 
Can be used to increase security by setting an explicit domain-name in the cookies.
Set to '' (empty string) to allow all (sub)domains.
464,7 → 464,7
 
### COOKIE_PATH
 
OIDplus::baseConfig()->setValue('COOKIE_PATH', '/');
OIDplus::baseConfig()->setValue('COOKIE_PATH', '(auto));
 
Can be used to increase security by setting an explicit pathname in the cookies.
Set to '/' to allow all paths.
/trunk/includes/classes/OIDplusCookieUtils.class.php
39,9 → 39,13
* @throws OIDplusException
*/
private function getCookieDomain(): string {
$default_domain = '(auto)'; // ini_get('session.cookie_domain');
$domain = OIDplus::baseConfig()->getValue('COOKIE_DOMAIN', $default_domain);
$domain = OIDplus::baseConfig()->getValue('COOKIE_DOMAIN', '(auto)');
if ($domain === '(auto)') {
if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
// If OIDplus is called through a Reverse Proxy, we must make sure that the cookies are working.
$domain = $_SERVER['HTTP_X_FORWARDED_HOST'];
} else {
$default_domain = ''; // ini_get('session.cookie_domain');
$tmp = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE/*_CANONICAL*/);
if ($tmp === false) return $default_domain;
$tmp = parse_url($tmp);
49,6 → 53,7
if (!isset($tmp['host'])) return $default_domain;
$domain = $tmp['host'];
}
}
return $domain;
}
 
57,9 → 62,16
* @throws OIDplusException
*/
private function getCookiePath(): string {
$default_path = '(auto)'; // ini_get('session.cookie_path');
$path = OIDplus::baseConfig()->getValue('COOKIE_PATH', $default_path);
$path = OIDplus::baseConfig()->getValue('COOKIE_PATH', '(auto)');
if ($path === '(auto)') {
if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
// If OIDplus is called through a Reverse Proxy, we must make sure that the cookies are working.
// Since we don't know the path the client is using, we need to set the path to '/'
// Alternatively, the system owner can evaluate HTTP_X_FORWARDED_HOST inside the base configuration file
// and set the COOKIE_PATH setting based on HTTP_X_FORWARDED_HOST.
$path = '/';
} else {
$default_path = '/'; // ini_get('session.cookie_path');
$tmp = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE/*_CANONICAL*/);
if ($tmp === false) return $default_path;
$tmp = parse_url($tmp);
71,6 → 83,7
//$path = OIDplus::webpath(null,OIDplus::PATH_RELATIVE_TO_ROOT_CANONICAL);
//if ($path === false) return $default_path;
}
}
return $path;
}
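Review bot: In the first hunk of getCookieDomain the `(auto)` branch copies `$_SERVER['HTTP_X_FORWARDED_HOST']` verbatim into the cookie domain; that header is only trustworthy when a reverse proxy in front of PHP is known to overwrite it, and even then it may carry a port (`host:8080`) or a comma-separated chain of forwarded hosts, neither of which is a valid cookie domain. The else-branch already reduces the URL to `parse_url(...)['host']`, so the proxy branch should normalise the same way, e.g. `$fwd = trim(explode(',', $_SERVER['HTTP_X_FORWARDED_HOST'])[0]);` followed by `$domain = parse_url('http://' . $fwd, PHP_URL_HOST) ?: '';`, which falls back to the all-domains value rather than emitting a malformed cookie. The comment on the proxy branch should also state the trust assumption, e.g. `// Trusts HTTP_X_FORWARDED_HOST; only safe when the proxy strips/rewrites this header - otherwise set COOKIE_DOMAIN explicitly`, since nothing in the code checks that a proxy is actually present. The same consideration applies to the getCookiePath hunk, where the presence of the header alone switches the path to `/`. getCookieDomain's body continues past the end of its first hunk.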