transmit cookie only over HTTPS, fixes #472

This commit is contained in:
El RIDO 2021-04-16 20:15:12 +02:00
parent 9e6eb50ced
commit 1dc8b24665
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
5 changed files with 6 additions and 5 deletions

View file

@ -3,6 +3,7 @@
* **1.4 (not yet released)**
* ADDED: Translation for Estonian
* ADDED: new HTTP headers improving security (#765)
* CHANGED: Language selection cookie only transmitted over HTTPS (#472)
* **1.3.5 (2021-04-05)**
* ADDED: Translation for Hebrew, Lithuanian, Indonesian and Catalan
* ADDED: Make the project info configurable (#681)

View file

@ -3676,7 +3676,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
*/
function setLanguage(event)
{
document.cookie = 'lang=' + $(event.target).data('lang');
document.cookie = 'lang=' + $(event.target).data('lang') + ';secure';
UiHelper.reloadHome();
}

View file

@ -170,7 +170,7 @@ class Controller
// force default language, if language selection is disabled and a default is set
if (!$this->_conf->getKey('languageselection') && strlen($lang) == 2) {
$_COOKIE['lang'] = $lang;
setcookie('lang', $lang);
setcookie('lang', $lang, 0, '', '', true);
}
}
@ -367,7 +367,7 @@ class Controller
$languageselection = '';
if ($this->_conf->getKey('languageselection')) {
$languageselection = I18n::getLanguage();
setcookie('lang', $languageselection);
setcookie('lang', $languageselection, 0, '', '', true);
}
$page = new View;

View file

@ -72,7 +72,7 @@ endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-2.2.7.js" integrity="sha512-7Ka1I/nJuR2CL8wzIS5PJS4HgEMd0HJ6kfAl6fFhwFBB27rhztFbe0tS+Ex+Qg+5n4nZIT4lty4k4Di3+X9T4A==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-/7gEqgCgQA9cgLUf5rBj+nfJptVm92LAYxvBN7mmeG+xkq9lQ+eY7DWQY47TGXXA7HqkCwk7424mnBiYZvCAUQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-BAc7Bcew+3hIQ84bibDMcMjr5ShiJU0jUnHX4x14ySB7yq/dh+LsbMobBOCBJbOWsndK0sDxpIeA3kWMW0/lrQ==" crossorigin="anonymous"></script>
<!-- icon -->
<link rel="apple-touch-icon" href="<?php echo I18n::encode($BASEPATH); ?>img/apple-touch-icon.png" sizes="180x180" />
<link rel="icon" type="image/png" href="img/favicon-32x32.png" sizes="32x32" />

View file

@ -50,7 +50,7 @@ endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-2.2.7.js" integrity="sha512-7Ka1I/nJuR2CL8wzIS5PJS4HgEMd0HJ6kfAl6fFhwFBB27rhztFbe0tS+Ex+Qg+5n4nZIT4lty4k4Di3+X9T4A==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-/7gEqgCgQA9cgLUf5rBj+nfJptVm92LAYxvBN7mmeG+xkq9lQ+eY7DWQY47TGXXA7HqkCwk7424mnBiYZvCAUQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-BAc7Bcew+3hIQ84bibDMcMjr5ShiJU0jUnHX4x14ySB7yq/dh+LsbMobBOCBJbOWsndK0sDxpIeA3kWMW0/lrQ==" crossorigin="anonymous"></script>
<!-- icon -->
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />