Update php cookies security (#1056)

* set php cookies

* update edit title doc

* add session_regenerate_id() call to Session::createSession
Guillermo Giuliana 2021-10-18 22:06:32 -03:00 committed by GitHub
parent e15bd15f07
commit 02cf8f0da3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 1 deletions


@ -10,3 +10,4 @@ RUN apt-get update && \
# ENVIRONMENT VARIABLES # ENVIRONMENT VARIABLES
ENV MYSQL_HOST opensupports-db ENV MYSQL_HOST opensupports-db
ENV MYSQL_PORT 3306 ENV MYSQL_PORT 3306
ENV IS_DOCKER 1
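Review bot: `ENV IS_DOCKER 1` is set unconditionally in the image, and the session file changed in this same commit uses it as `getenv('IS_DOCKER') ? 0 : 1` for `session.cookie_secure`, so every container built from this image sends the session cookie without the Secure flag, including deployments served over HTTPS. "Runs in Docker" and "served without TLS" are different facts, and a dedicated opt-out would keep the safe default, for example `ini_set('session.cookie_secure', getenv('ALLOW_INSECURE_COOKIES') ? 0 : 1);` with that variable left unset in the Dockerfile (the variable name is a suggestion, not an existing setting). If `IS_DOCKER` stays, a comment above it such as `# IS_DOCKER disables the Secure flag on session cookies; override it when the container is served over HTTPS` would at least document the effect.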


@ -20,7 +20,7 @@ DataValidator::with('CustomValidations', true);
* @apiUse INVALID_TICKET * @apiUse INVALID_TICKET
* *
* @apiSuccess {Object} data Empty object * @apiSuccess {Object} data Empty object
*ulp d *
*/ */
class DeleteController extends Controller { class DeleteController extends Controller {


@ -1,5 +1,8 @@
<?php <?php
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', getenv('IS_DOCKER') ? 0 : 1);
class Session { class Session {
use SingletonTrait; use SingletonTrait;
@ -31,6 +34,7 @@ class Session {
} }
public function createSession($userId, $staff = false, $ticketNumber = null) { public function createSession($userId, $staff = false, $ticketNumber = null) {
session_regenerate_id();
$this->store('userId', $userId); $this->store('userId', $userId);
$this->store('staff', $staff); $this->store('staff', $staff);
$this->store('ticketNumber', $ticketNumber); $this->store('ticketNumber', $ticketNumber);
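Review bot: `session_regenerate_id();` in createSession keeps the old session record, because the `delete_old_session` argument defaults to false; the previous ID stays valid with whatever it held before this call until garbage collection, which matters if createSession can run on a session that already carries a `userId`. `session_regenerate_id(true);` removes the old record at the point the privilege level changes. The return value is ignored and the call only works while a session is active; where the session is started is outside this hunk, and the two `ini_set` lines at the top of the file likewise take effect only if they run before `session_start()`. The cookie settings added here also leave `session.cookie_samesite` unset.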