File modules/util/Cookie.class.php

Last commit: Thu Nov 19 00:45:44 2020 +0100	Jan Dankert	Security fix: We must update the login token on every login; Administrators are able to see the login tokens of users.
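<?php

namespace util;

use cms\base\Configuration;
use cms\base\Startup;

/**
 * Static helpers for reading request cookies and for emitting Set-Cookie headers.
 *
 * The cookie attributes (lifetime, Secure, HttpOnly, SameSite) are read from the
 * configuration subset security/cookie.
 */
class Cookie
{
    /**
     * Gets a cookie.
     *
     * Cookie values are supplied by the client. PHP turns a cookie named "x[]" into
     * an array, so anything that is not a string is treated as "not set"; callers
     * that compare the value against a token are then never handed an array.
     *
     * @param $name string key
     * @param $default string default value
     * @return string the cookie value, or $default if the cookie is missing, empty or not a string
     */
    public static function get( $name,$default=null ) {
        $value = isset( $_COOKIE[ $name ] ) ? $_COOKIE[ $name ] : null;

        // Only the empty string counts as "no value"; the string "0" is a valid cookie value.
        if ( !is_string( $value ) || $value === '' )
            return $default;

        return $value;
    }


    /**
     * is a cookie set?
     *
     * Note that this is true for any value the client sent under this name,
     * including an empty or array-shaped one that get() would replace by its default.
     *
     * @param $name string key
     * @return boolean
     */
    public static function has( $name ) {
        return isset( $_COOKIE[ $name ] );
    }


    /**
     * Sets a cookie.
     *
     * @param $name string cookie name
     * @param $value string cookie value, null or empty to delete
     */
    public static function set($name, $value = '' ) {

        $cookieConfig = Configuration::subset('security')->subset('cookie');

        // Deletion is requested with null/false/'' only; "0" is a regular value.
        if ( $value === null || $value === false )
            $value = '';
        $value = (string) $value;

        if ( $value === '' )
            $lifetime = 0; // cookie is being deleted
        else
            $lifetime = (int) ( 60 * 60 * 24 * $cookieConfig->get('expire',2*365) ); // default: 2 years

        $expire = Startup::getStartTime() + $lifetime;

        $cookieAttributes = [
            rawurlencode($name).'='.rawurlencode($value),
            // Expires has to be an HTTP date in GMT. A local-time date with a numeric
            // offset may be read as GMT by the browser, which would postpone the
            // deletion of a cookie (e.g. on logout) by the server's UTC offset.
            'Expires='.gmdate('D, d M Y H:i:s',$expire).' GMT',
            // Max-Age is relative to the client clock and takes precedence over
            // Expires where supported; 0 removes the cookie immediately.
            'Max-Age='.$lifetime,
            'Path='.COOKIE_PATH
        ];

        // NOTE(review): 'secure' defaults to false here, so unless it is enabled in the
        // configuration the cookie is also sent over plain HTTP.
        if ( $cookieConfig->is('secure',false ) )
            $cookieAttributes[] = 'Secure';

        if ( $cookieConfig->is('httponly',true ) )
            $cookieAttributes[] = 'HttpOnly';

        // NOTE(review): the configured value is emitted as-is; current browsers accept
        // SameSite=None only together with Secure.
        $cookieAttributes[] = 'SameSite='.$cookieConfig->get('samesite','Lax');

        // replace=false: add a further Set-Cookie header instead of overwriting one sent earlier.
        header('Set-Cookie: '.implode('; ',$cookieAttributes),false );
    }
}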
History Thu, 19 Nov 2020 00:45:44 +0100 Jan Dankert Security fix: We must update the login token on every login; Administrators are able to see the login tokens of users.