From e30381daf20432a4007e968427f8a2137c8adb2b Mon Sep 17 00:00:00 2001
From: Chris Burgess
Date: Thu, 17 Mar 2016 20:37:58 +1300
Subject: [PATCH] CRM-16900. Set secure flag to restrict cookies to SSL where appropriate.
---
 CRM/Campaign/BAO/Petition.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/CRM/Campaign/BAO/Petition.php b/CRM/Campaign/BAO/Petition.php
index d5e4c0a2ec..2c5adc6a40 100644
--- a/CRM/Campaign/BAO/Petition.php
+++ b/CRM/Campaign/BAO/Petition.php
@@ -220,9 +220,10 @@ SELECT petition.id as id,
 CRM_Core_BAO_CustomValueTable::store($params['custom'], 'civicrm_activity', $activity->id);
 }
- // set permanent cookie to indicate this petition already signed on the computer
+ // Set browser cookie to indicate this petition was already signed.
 $config = CRM_Core_Config::singleton();
- setcookie('signed_' . $params['sid'], $activity->id, time() + $this->cookieExpire, $config->userFrameworkBaseURL);
+ $url_parts = parse_url($config->userFrameworkBaseURL);
+ setcookie('signed_' . $params['sid'], $activity->id, time() + $this->cookieExpire, $url_parts['path'], $url_parts['host'], CRM_Utils_System::isSSL());
 }
 return $activity;
@@ -268,10 +269,13 @@ AND tag_id = ( SELECT id FROM civicrm_tag WHERE name = %2 )";
 && isset($activity_id) && is_numeric($activity_id)) {
 // set permanent cookie to indicate this users email address now confirmed
 $config = CRM_Core_Config::singleton();
+ $url_parts = parse_url($config->userFrameworkBaseURL);
 setcookie("confirmed_{$petition_id}",
 $activity_id,
 time() + $this->cookieExpire,
- $config->userFrameworkBaseURL
+ $url_parts['path'],
+ $url_parts['host'],
+ CRM_Utils_System::isSSL()
 );
 return TRUE;
 }
-- 
2.25.1
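Review bot: The result of `parse_url($config->userFrameworkBaseURL)` is indexed without any check in the new `setcookie()` call, so a base URL with no path component (or one that `parse_url()` rejects by returning FALSE) produces an undefined-index notice and an empty path and domain; the browser then scopes the cookie to the directory of the requesting page, and the "already signed" lookup may not see it elsewhere. Default the pieces before use, e.g. `$path = isset($url_parts['path']) ? $url_parts['path'] : '/';` and `$host = isset($url_parts['host']) ? $url_parts['host'] : '';`. The same unchecked pattern is repeated in the second hunk for the `confirmed_{$petition_id}` cookie, so a small private helper that builds the path, domain and secure arguments once would keep both call sites consistent. The enclosing function starts and ends outside this hunk.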
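Review bot: Passing `$url_parts['host']` as the domain argument turns a host-only cookie into one that carries a `Domain` attribute, which browsers also send to every subdomain of that host; the previous call left the domain unset. If sharing with subdomains is not intended, pass `''` for the domain here and in the `signed_` cookie of the first hunk. Since the cookie attributes are being tightened anyway, the seventh `setcookie()` argument could be supplied as well (`CRM_Utils_System::isSSL(), TRUE`) to mark the cookie HttpOnly, assuming no client-side script reads it. Whether `isSSL()` reports TLS correctly behind a terminating proxy cannot be seen from this hunk and is worth confirming, because a FALSE result there silently drops the Secure flag. The enclosing `if` block begins outside the hunk.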