Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.7.3

Request #17259 Security improvements
Submitted: 2010-03-24 17:11 UTC
From: darizotas Assigned: till
Status: Assigned Package: HTTP_Session2 (version 0.7.2)
PHP Version: 5.2.12 OS: Windows
Roadmaps: 0.8.0    
Subscription  


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 50 - 17 = ?

 
 [2010-03-24 17:11 UTC] darizotas (Dario Borreguero)
Description: ------------ In order to have a more accurate control over cookies such as path, domain, secure channel (only https) and avoid javascript access to cookies (I'm concerned about the requirement that implies: PHP 5.2.x or newer), I've extended the class HTTP_Session2 implementing a new private method that sets the cookie variables (see attached file): - setCookieVars(...) And modified the method to include all these parameters and call to setCookieVars: - useCookies(...) I hope this helps. Dario

Comments

 [2010-03-24 17:15 UTC] darizotas (Dario Borreguero)
 [2010-03-24 18:00 UTC] till (Till Klampaeckel)
Can you try to submit a real patch (aka a diff)? Just get the original copy of the file and do this: diff -up Session2.php.orig Session2.php (or the other way around) :)
 [2010-03-25 03:09 UTC] darizotas (Dario Borreguero)
 [2010-03-25 03:10 UTC] darizotas (Dario Borreguero)
I hope the uploaded patch has the correct format. Dario.
 [2010-06-22 21:53 UTC] till (Till Klampaeckel)
-Roadmap Versions: +Roadmap Versions: 0.8.0
Yes, all correct, I'll review this and try to write a test too for the 0.8.0 release.
 [2011-03-12 00:34 UTC] till (Till Klampaeckel)
-Status: Open +Status: Analyzed -Assigned To: +Assigned To: till
 [2011-03-12 04:36 UTC] till (Till Klampaeckel)
-Status: Analyzed +Status: Closed
This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. I committed your patch with minor changes, let me know when you get a chance to check it out. http://svn.php.net/viewvc/pear/packages/HTTP_Session2/trunk/
 [2011-11-07 18:41 UTC] doconnor (Daniel O'Connor)
-Status: Closed +Status: Open
Actually; this added two parse errors. Also, the use of time() makes it harder to test these particular changs
 [2011-11-07 18:45 UTC] doconnor (Daniel O'Connor)
Till, I fixed the parse errors in r318878. Can you eyeball the changes and other recent commits in that area to check you are happy with 'em / no other parse errors exist? http://test.pear.php.net:8080/job/HTTP_Session2/ should pick up the change in a few hours; or you can kick off a build if you want.
 [2011-11-07 18:47 UTC] doconnor (Daniel O'Connor)
http://svn.php.net/viewvc/pear/packages/HTTP_Session2/trunk/HTTP/Session2.php? revision=309131&view=markup#l411 was the line introduced.
 [2011-11-07 19:46 UTC] till (Till Klampaeckel)
Thanks, I didn't see this for some reason.