From cefd1d8c913aa81ddce83e9de7f5bfb22aa4b2d9 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 25 Sep 2008 09:30:18 -0400
Subject: [PATCH] DRY: set (secure) cookies using rcmail::setcookie() + set session.only_use_cookies
---
 program/include/rcmail.php | 25 +++++++++++++++++++------
 1 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index ac328eb..33bc38b 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -223,7 +223,7 @@
 /**
 * Get the current database connection
 *
- * @return object rcube_db Database connection object
+ * @return object rcube_mdb2 Database connection object
 */
 public function get_dbh()
 {
@@ -460,7 +460,7 @@
 raise_error(array(
 'code' => 600,
 'type' => 'php',
- 'file' => "config/main.inc.php",
+ 'file' => RCMAIL_CONFIG_DIR."/main.inc.php",
 'message' => "Acces denied for new user $username. 'auto_create_user' is disabled"
 ), true, false);
 }
@@ -728,9 +728,7 @@
 if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now - $_SESSION['auth_time'] > 300)) {
 $_SESSION['last_auth'] = $_SESSION['auth_time'];
 $_SESSION['auth_time'] = $now;
- $cookie = session_get_cookie_params();
- setcookie('sessauth', $this->get_auth_hash(session_id(), $now), 0, $cookie['path'],
- $cookie['domain'], $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
+ rcmail::setcookie('sessauth', $this->get_auth_hash(session_id(), $now), 0);
 }
 }
 else {
@@ -753,7 +751,7 @@
 public function kill_session()
 {
 $_SESSION = array('language' => $this->user->language, 'auth_time' => time(), 'temp' => true);
- setcookie('sessauth', '-del-', time() - 60);
+ rcmail::setcookie('sessauth', '-del-', time() - 60);
 $this->user->reset();
 }
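Review bot: kill_session() in the hunk at -753 replaces the session data and expires `sessauth`, but in the lines visible here it keeps the current session id, so the id that was valid before logout stays the id of the new temporary session. Unless a caller already rotates it, add `session_regenerate_id(true);` right after the `$_SESSION = array(...)` assignment. The `rcmail::setcookie()` line also deserves a comment such as `// expire with the same path/domain/secure attributes the cookie was set with`, because that matching is what makes the deletion reliable compared with the bare `setcookie()` call it replaces.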
@@ -911,6 +909,21 @@
 }
 return $url;
 }
+
+
+ /**
+ * Helper method to set a cookie with the current path and host settings
+ *
+ * @param string Cookie name
+ * @param string Cookie value
+ * @param string Expiration time
+ */
+ public static function setcookie($name, $value, $exp = 0)
+ {
+ $cookie = session_get_cookie_params();
+ setcookie($name, $value, $exp, $cookie['path'], $cookie['domain'],
+ ($_SERVER['HTTPS'] && ($_SERVER['HTTPS'] != 'off')));
+ }
 }
-- 
Gitblit v1.9.1
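Review bot: The new `setcookie()` helper sends `sessauth` without the HttpOnly flag, so script running in the page can read the auth hash. PHP's `setcookie()` accepts a seventh `httponly` argument since 5.2.0, and if the project's minimum PHP version allows it the call should pass `true` there. The secure test also reads `$_SERVER['HTTPS']` without checking that the key exists, which raises a notice on plain-HTTP requests and leaves the flag off when TLS is terminated at a proxy in front of PHP. Using `$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';` and then `setcookie($name, $value, $exp, $cookie['path'], $cookie['domain'], $secure, true);` fixes the notice, while the proxy case needs at least a comment or a config override. In the docblock the third tag should read `@param int $exp Expiration time as a Unix timestamp, 0 for a session cookie`; the call sites in the hunks at -728 and -753 inherit whatever this helper sets.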