Diffstat (limited to 'include')
-rwxr-xr-x | include/items.php | 2 | ||||
-rw-r--r-- | include/session.php | 23 |
2 files changed, 20 insertions, 5 deletions
diff --git a/include/items.php b/include/items.php index 1b8824793..bb4d1108e 100755 --- a/include/items.php +++ b/include/items.php @@ -4132,7 +4132,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) { $o .= '<thr:in-reply-to ref="' . xmlify($parent_item) . '" type="text/html" href="' . xmlify($item['plink']) . '" />' . "\r\n"; } - if(activity_compare($item['obj_type'],ACTIVITY_OBJ_EVENT) && activity_compare($item['verb'],ACTIVITY_POST)) { + if(activity_match($item['obj_type'],ACTIVITY_OBJ_EVENT) && activity_match($item['verb'],ACTIVITY_POST)) { $obj = ((is_array($item['obj'])) ? $item['object'] : json_decode($item['object'],true)); $o .= '<title>' . xmlify($item['title']) . '</title>' . "\r\n"; diff --git a/include/session.php b/include/session.php index 92004bc18..182805980 100644 --- a/include/session.php +++ b/include/session.php @@ -1,4 +1,5 @@ <?php + /** * @file include/session.php * @@ -14,8 +15,8 @@ $session_expire = 180000; function new_cookie($time) { $old_sid = session_id(); -// ??? This shouldn't have any effect if called after session_start() -// We probably need to set the session expiration and change the PHPSESSID cookie. + // ??? This shouldn't have any effect if called after session_start() + // We probably need to set the session expiration and change the PHPSESSID cookie. session_set_cookie_params($time); session_regenerate_id(false); @@ -108,8 +109,9 @@ ini_set('session.use_only_cookies', 1); ini_set('session.cookie_httponly', 1); /* - * PHP function which sets our user-level session storage functions. + * Set our session storage functions. */ + session_set_save_handler( 'ref_session_open', 'ref_session_close', @@ -117,4 +119,17 @@ session_set_save_handler( 'ref_session_write', 'ref_session_destroy', 'ref_session_gc' -);
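Review bot: In include/items.php, the context line directly after the changed condition tests `is_array($item['obj'])`, but both branches of the ternary read `$item['object']`, so the array check and the value used refer to different keys. The condition uses `$item['obj_type']`, which suggests (not confirmed from this hunk) that one of the two key names is stale. If `obj` is the current field, the line would read `$obj = ((is_array($item['obj'])) ? $item['obj'] : json_decode($item['obj'],true));`. The body of atom_entry starts and ends outside the hunk.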
\ No newline at end of file +); + + + // Force cookies to be secure (https only) if this site is SSL enabled. Must be done before session_start(). + + if(intval($a->config['system']['ssl_cookie_protection'])) { + $arr = session_get_cookie_params(); + session_set_cookie_params( + ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0), + ((isset($arr['path'])) ? $arr['path'] : '/'), + ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()), + ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false), + ((isset($arr['httponly'])) ? $arr['httponly'] : true)); + }
\ No newline at end of file |
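Review bot: The secure argument of the added `session_set_cookie_params()` call at the end of include/session.php comes from the current request (`isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on'`), not from the site configuration. With `ssl_cookie_protection` enabled, a request that arrives over plain HTTP, or through a TLS-terminating proxy that does not set `HTTPS`, still gets a session cookie without the Secure attribute. If the option is meant to force HTTPS-only cookies as the comment says, pass `true` for that argument whenever the option is set, or derive it from the site's configured URL scheme rather than from the request. The block also reads `$a->config` and calls `$a->get_hostname()` at file scope, which assumes `$a` is defined wherever this file is included; that is not visible in the hunk, so a comment stating the precondition would help.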