From 09569b5501a3647b1120ae6a85de5a7b1e18736c Mon Sep 17 00:00:00 2001
From: stekkel
Date: Thu, 6 Apr 2006 20:56:26 +0000
Subject: [PATCH] The header function of PHP sucks hard. By sending multiple headers at once i got the HttpOnly thing working. Now PHP 5.1.2 and 4.4.2 forbid that because of security reasons. So i fallback to setcookie until this is resolved.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11042 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/global.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/functions/global.php b/functions/global.php
index f9c189fe..abe5666d 100644
--- a/functions/global.php
+++ b/functions/global.php
@@ -267,7 +267,9 @@ function sqsession_start() {
 // session_starts sets the sessionid cookie buth without the httponly var
 // setting the cookie again sets the httponly cookie attribute
- sqsetcookie(session_name(),session_id(),false,$base_uri);
+
+ // disable, @see sqsetcookie and php 5.1.2
+ // sqsetcookie(session_name(),session_id(),false,$base_uri);
 }
@@ -293,9 +295,17 @@ function sqsetcookie($sName,$sValue,$iExpire=false,$sPath="",$sDomain="",$bSecur
 * If that happens we send the cookie header.
 */
 if ($bFlush) {
- header($sCookieCache);
+ // header($sCookieCache);
 return;
 }
+ if (!$sName) return;
+
+ // php 5.1.2 and 4.4.2 do not allow to send multiple headers at once.
+ // Because that's the only way to get this thing working we fallback to
+ // setcookie until we solved this
+ if ($iExpire===false) $iExpire = 0;
+ setcookie($sName, $sValue, $iExpire, $sPath);
+ return;
 $sHeader = "Set-Cookie: $sName=$sValue";
 if ($sPath) {
@@ -317,9 +327,7 @@ function sqsetcookie($sName,$sValue,$iExpire=false,$sPath="",$sDomain="",$bSecur
 }
 // $sHeader .= "; Version=1";
 $sCookieCache .= $sHeader ."\r\n";
- if ($bFlush) {
- header($sCookieCache);
- }
+ //header($sHeader."\r\n");
 }
 /**
-- 
2.25.1
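Review bot: In sqsession_start, commenting out the sqsetcookie() call leaves the session cookie exactly as session_start() issued it, which according to the comment directly above means without the HttpOnly attribute, so the session id becomes readable by page scripts again. The two context comments (`// setting the cookie again sets the httponly cookie attribute`) now describe something that no longer happens. I would replace them with a line such as `// NOTE: session cookie is currently sent WITHOUT HttpOnly, see sqsetcookie()` so the lost hardening stays visible until the call is restored. The function body starts outside the hunk.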
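Review bot: The fallback `setcookie($sName, $sValue, $iExpire, $sPath);` in sqsetcookie drops the domain and secure arguments that the signature in the hunk header still accepts, so a caller asking for a secure cookie silently gets one that is also sent over plain HTTP. Passing them through keeps the contract: `setcookie($sName, $sValue, $iExpire, $sPath, $sDomain, $bSecure);` (the last parameter name is cut off as `$bSecur` in the hunk header, so confirm it). The unconditional `return;` also makes everything below it unreachable, including the lines touched by the third hunk, and a one-line comment saying that the header-building path is intentionally dead would help the next reader. The function continues past the end of the hunk.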
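Review bot: The added `//header($sHeader."\r\n");` at the end of sqsetcookie still appends a CRLF to the header string, and a line break inside a header() argument is presumably what the PHP releases named in the commit message reject. When this path is re-enabled, one call per cookie without the line break and with replacement turned off should avoid the problem and bring the HttpOnly attribute back: `header($sHeader, false);`. The raw header built earlier in the function interpolates `$sName=$sValue` as-is, whereas setcookie() encodes the value, so the restored path should encode or validate the value before it reaches header(). The start of the function is outside this hunk.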