author | Renato Botelho <garga@FreeBSD.org> | 2015-01-06 10:00:37 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2015-01-06 10:01:00 -0200 |
commit | b785a40bac3b2aeee993fd3302eff7e781654586 (patch) | |
tree | db5353ab5c9b7e66ea19c48903e4ddfb29355e56 /etc | |
parent | 055bd1ee0c2afd941d0f91ba3641c927517b6f6b (diff) | |
Add secure flag when necessary to cookie_test, as we do for session cookie, to avoid false positives in common vulnerability scanners. It fixes #4069
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/authgui.inc | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc index 889e3b8..a407887 100644 --- a/etc/inc/authgui.inc +++ b/etc/inc/authgui.inc @@ -225,7 +225,15 @@ if ($local_ip == false) { } } } -setcookie("cookie_test", time() + 3600); +setcookie( + "cookie_test", + '', + time() + 3600, + '/', + NULL, + ($config['system']['webgui']['protocol'] == "https"), + true +); $have_cookies = isset($_COOKIE["cookie_test"]); ?> |
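Review bot: the second argument of the new setcookie() call is the empty string '', and PHP treats an empty cookie value as a request to delete the cookie (it sends the value "deleted" with an expiry in the past), so the isset($_COOKIE["cookie_test"]) check on the line that follows will not find the cookie on later requests. The removed line only worked because time() + 3600 was being passed as the value rather than the expiry; pass a short non-empty value in the second position and keep time() + 3600 as the third. Separately, the secure flag is derived from $config['system']['webgui']['protocol'] with a loose == comparison and no isset() guard; since the commit message says this should match the session cookie, consider computing that boolean once and reusing it for both cookies so the two cannot drift apart.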