From: Chris Burgess
Date: Thu, 17 Mar 2016 07:37:58 +0000 (+1300)
Subject: CRM-16900. Set secure flag to restrict cookies to SSL where appropriate.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=e30381daf20432a4007e968427f8a2137c8adb2b;p=civicrm-core.git
CRM-16900. Set secure flag to restrict cookies to SSL where appropriate.
---
diff --git a/CRM/Campaign/BAO/Petition.php b/CRM/Campaign/BAO/Petition.php
index d5e4c0a2ec..2c5adc6a40 100644
--- a/CRM/Campaign/BAO/Petition.php
+++ b/CRM/Campaign/BAO/Petition.php
@@ -220,9 +220,10 @@ SELECT petition.id as id,
 CRM_Core_BAO_CustomValueTable::store($params['custom'], 'civicrm_activity', $activity->id);
 }
- // set permanent cookie to indicate this petition already signed on the computer
+ // Set browser cookie to indicate this petition was already signed.
 $config = CRM_Core_Config::singleton();
- setcookie('signed_' . $params['sid'], $activity->id, time() + $this->cookieExpire, $config->userFrameworkBaseURL);
+ $url_parts = parse_url($config->userFrameworkBaseURL);
+ setcookie('signed_' . $params['sid'], $activity->id, time() + $this->cookieExpire, $url_parts['path'], $url_parts['host'], CRM_Utils_System::isSSL());
 }
 return $activity;
@@ -268,10 +269,13 @@ AND tag_id = ( SELECT id FROM civicrm_tag WHERE name = %2 )";
 && isset($activity_id) && is_numeric($activity_id)) {
 // set permanent cookie to indicate this users email address now confirmed
 $config = CRM_Core_Config::singleton();
+ $url_parts = parse_url($config->userFrameworkBaseURL);
 setcookie("confirmed_{$petition_id}",
 $activity_id,
 time() + $this->cookieExpire,
- $config->userFrameworkBaseURL
+ $url_parts['path'],
+ $url_parts['host'],
+ CRM_Utils_System::isSSL()
 );
 return TRUE;
 }
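Review bot: Both rewritten `setcookie()` calls (the `signed_` cookie in the hunk at -220 and the `confirmed_` cookie in the hunk at -268) index `$url_parts['path']` and `$url_parts['host']` without checking the `parse_url()` result, which is `FALSE` for a seriously malformed URL and has no `path` key when `userFrameworkBaseURL` carries no path component. In that case the cookie goes out with an empty path or domain and its scope silently falls back to browser defaults, so a guard such as `$path = isset($url_parts['path']) ? $url_parts['path'] : '/';` before each call would keep the scope explicit. The calls also stop at the sixth argument, so the cookies stay readable from script; if nothing client-side reads them, passing `TRUE` as the seventh (`httponly`) argument is worth doing while the flags are being touched. Passing the host as an explicit domain also makes browsers send the cookie to subdomains of that host, whereas leaving the domain empty keeps it host-only, which is the tighter scope if subdomains are not meant to see it. Both enclosing functions start and end outside the hunks.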