[interchange] Set MV_PASSWORD cookie to be secure if set from a secure page
Josh Lavin
interchange-cvs at icdevgroup.org
Mon Dec 24 23:55:45 UTC 2012
commit 13e4f4e183be96f625667605644e22e8e9cfc474
Author: Josh Lavin <josh at perusion.com>
Date: Mon Dec 24 15:53:47 2012 -0800
Set MV_PASSWORD cookie to be secure if set from a secure page
Adds new option for UserDB, "secure_cookies". Defaults to 1 if called from HTTPS page.
lib/Vend/UserDB.pm | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
---
diff --git a/lib/Vend/UserDB.pm b/lib/Vend/UserDB.pm
index e2ae946..94ef5d0 100644
--- a/lib/Vend/UserDB.pm
+++ b/lib/Vend/UserDB.pm
@@ -1568,7 +1568,7 @@ sub login {
);
}
- username_cookies($self->{PASSED_USERNAME} || $self->{USERNAME}, $pw)
+ username_cookies($self->{PASSED_USERNAME} || $self->{USERNAME}, $pw, $self->{OPTIONS}{secure_cookies})
if $Vend::Cfg->{CookieLogin};
if ($self->{LOCATION}{LAST} ne 'none') {
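Review bot: The new `secure_cookies` option is read from `$self->{OPTIONS}` at this call and at the matching call in the new_account hunk, but the commit adds no documentation for it, and the diffstat shows no other file touched. An entry alongside the module's other option documentation should state that a true value forces the Secure attribute on MV_PASSWORD and that an unset or false value falls back to whether the request arrived over HTTPS. A short comment at the call, such as `# third arg: force Secure on the password cookie; falsy means follow the request scheme`, would also help. login's body starts and ends outside this hunk.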
@@ -1985,7 +1985,7 @@ sub new_account {
else {
$self->set_values() unless $self->{OPTIONS}{no_set};
$self->{USERNAME} = $foreign if $foreign;
- username_cookies($self->{USERNAME}, $pw)
+ username_cookies($self->{USERNAME}, $pw, $self->{OPTIONS}{secure_cookies})
if $Vend::Cfg->{CookieLogin};
$self->log('new account') if $options{'log'};
@@ -2013,7 +2013,7 @@ sub new_account {
}
sub username_cookies {
- my ($user, $pw) = @_;
+ my ($user, $pw, $secure) = @_;
return unless
$CGI::values{mv_cookie_password} or
$CGI::values{mv_cookie_username} or
@@ -2021,13 +2021,14 @@ sub username_cookies {
Vend::Util::read_cookie('MV_USERNAME');
$::Instance->{Cookies} = [] unless defined $::Instance->{Cookies};
my $exp = time() + $Vend::Cfg->{SaveExpire};
+ $secure ||= $CGI::secure;
push @{$::Instance->{Cookies}},
['MV_USERNAME', $user, $exp];
return unless
$CGI::values{mv_cookie_password} or
Vend::Util::read_cookie('MV_PASSWORD');
push @{$::Instance->{Cookies}},
- ['MV_PASSWORD', $pw, $exp];
+ ['MV_PASSWORD', $pw, $exp, undef, undef, $secure];
return;
}
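Review bot: `$secure ||= $CGI::secure;` treats an explicit `secure_cookies=0` the same as an unset option, so the flag cannot be turned off on an HTTPS request, and a login over plain HTTP with the option unset still issues MV_PASSWORD without the Secure attribute. If that is the intended contract, state it above the line, e.g. `# true option forces Secure; otherwise follow the request scheme ($CGI::secure)`. MV_USERNAME is still pushed as `['MV_USERNAME', $user, $exp]`, so only the password cookie is kept off cleartext connections; giving it the same `undef, undef, $secure` tail would treat both alike. The two `undef` slots deserve a comment naming what they hold (presumably domain and path; confirm against the cookie writer). username_cookies begins in the previous hunk.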