diff options
| -rwxr-xr-x | index.php | 20 | ||||
| -rw-r--r-- | version.inc | 2 |
2 files changed, 12 insertions, 10 deletions
@@ -55,6 +55,17 @@ if(! $a->install) { call_hooks('init_1'); load_translation_table($a->language); + // Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start(). + + if((! $a->install) && intval($a->config['system']['ssl_cookie_protection'])) { + $arr = session_get_cookie_params(); + session_set_cookie_params( + ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5), + ((isset($arr['path'])) ? $arr['path'] : '/'), + ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()), + ((isset($_SERVER['HTTPS'])) ? true : false), + ((isset($arr['httponly'])) ? $arr['httponly'] : true)); + } } else { // load translations but do not check plugins as we have no database @@ -73,15 +84,6 @@ else { * */ -// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start(). - -$arr = session_get_cookie_params(); -session_set_cookie_params( - ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5), - ((isset($arr['path'])) ? $arr['path'] : '/'), - ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()), - ((isset($_SERVER['HTTPS'])) ? true : false), - ((isset($arr['httponly'])) ? $arr['httponly'] : true)); session_start(); /** diff --git a/version.inc b/version.inc index 101a79e18..ecc31a81a 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2014-05-07.668 +2014-05-08.669 |