Use external cookie library to prevent incorrect cookie setting (#1160)

* Use external cookie library to prevent incorrect cookie setting

* Update CHANGELOG.md
Roman Kelesidis 2023-11-23 08:26:32 +07:00 committed by GitHub
commit 357bb08387
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 102 additions and 22 deletions


@ -5,6 +5,7 @@
**Merged pull requests:**
- Use external cookie library to prevent incorrect cookie setting [\#1160](https://github.com/torrentpier/torrentpier/pull/1160) ([belomaxorka](https://github.com/belomaxorka))
- Some improvements in default template [\#1159](https://github.com/torrentpier/torrentpier/pull/1159) ([belomaxorka](https://github.com/belomaxorka))
- Use sent port instead of source [\#1158](https://github.com/torrentpier/torrentpier/pull/1158) ([kovalensky](https://github.com/kovalensky))
- Remove unnecessary meta tags from file listing [\#1157](https://github.com/torrentpier/torrentpier/pull/1157) ([kovalensky](https://github.com/kovalensky))


@ -50,7 +50,8 @@
"samdark/sitemap": "2.4.1",
"symfony/mailer": "^6.3",
"symfony/polyfill": "v1.28.0",
"vlucas/phpdotenv": "^5.5"
"vlucas/phpdotenv": "^5.5",
"delight-im/cookie": "3.*"
},
"require-dev": {
"symfony/var-dumper": "^6.3"
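Review bot: The new constraint `"delight-im/cookie": "3.*"` uses a wildcard where the neighbouring entries use caret ranges or exact pins, so the floor of what may be installed into the cookie-writing path is left implicit. A caret range anchored on the version that was actually tested, `"delight-im/cookie": "^3.4"`, matches the file's style and states that floor. composer.lock on this page resolves the package to v3.4.0 with a release time of 2020-04-16, so it is worth confirming the library is still maintained before `bb_setcookie` depends on it. The `require` block starts outside the hunk.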

composer.lock generated

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "ab483942399a1a20194b6851fda0ae6f",
"content-hash": "a2ee0a4e95404dca800219b4377f8e2c",
"packages": [
{
"name": "arokettu/bencode",
@ -275,6 +275,91 @@
],
"time": "2023-08-30T09:31:38+00:00"
},
{
"name": "delight-im/cookie",
"version": "v3.4.0",
"source": {
"type": "git",
"url": "https://github.com/delight-im/PHP-Cookie.git",
"reference": "67065d34272377d63bab0bd58f984f9b228c803f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/delight-im/PHP-Cookie/zipball/67065d34272377d63bab0bd58f984f9b228c803f",
"reference": "67065d34272377d63bab0bd58f984f9b228c803f",
"shasum": ""
},
"require": {
"delight-im/http": "^2.0",
"php": ">=5.4.0"
},
"type": "library",
"autoload": {
"psr-4": {
"Delight\\Cookie\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "Modern cookie management for PHP",
"homepage": "https://github.com/delight-im/PHP-Cookie",
"keywords": [
"cookie",
"cookies",
"csrf",
"http",
"same-site",
"samesite",
"xss"
],
"support": {
"issues": "https://github.com/delight-im/PHP-Cookie/issues",
"source": "https://github.com/delight-im/PHP-Cookie/tree/v3.4.0"
},
"time": "2020-04-16T11:01:26+00:00"
},
{
"name": "delight-im/http",
"version": "v2.1.0",
"source": {
"type": "git",
"url": "https://github.com/delight-im/PHP-HTTP.git",
"reference": "a5c2c4eae1dd3207f797984e8f64f2d71ed889dd"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/delight-im/PHP-HTTP/zipball/a5c2c4eae1dd3207f797984e8f64f2d71ed889dd",
"reference": "a5c2c4eae1dd3207f797984e8f64f2d71ed889dd",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"type": "library",
"autoload": {
"psr-4": {
"Delight\\Http\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "Hypertext Transfer Protocol (HTTP) utilities for PHP",
"homepage": "https://github.com/delight-im/PHP-HTTP",
"keywords": [
"headers",
"http",
"https"
],
"support": {
"issues": "https://github.com/delight-im/PHP-HTTP/issues",
"source": "https://github.com/delight-im/PHP-HTTP/tree/v2.1.0"
},
"time": "2021-10-12T18:52:29+00:00"
},
{
"name": "doctrine/lexer",
"version": "3.0.0",
@ -1638,7 +1723,7 @@
},
{
"name": "symfony/deprecation-contracts",
"version": "v3.3.0",
"version": "v3.4.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/deprecation-contracts.git",
@ -1685,7 +1770,7 @@
"description": "A generic function and convention to trigger deprecation notices",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.3.0"
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.4.0"
},
"funding": [
{
@ -1785,7 +1870,7 @@
},
{
"name": "symfony/event-dispatcher-contracts",
"version": "v3.3.0",
"version": "v3.4.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/event-dispatcher-contracts.git",
@ -1841,7 +1926,7 @@
"standards"
],
"support": {
"source": "https://github.com/symfony/event-dispatcher-contracts/tree/v3.3.0"
"source": "https://github.com/symfony/event-dispatcher-contracts/tree/v3.4.0"
},
"funding": [
{
@ -2139,16 +2224,16 @@
},
{
"name": "symfony/service-contracts",
"version": "v3.3.0",
"version": "v3.4.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/service-contracts.git",
"reference": "40da9cc13ec349d9e4966ce18b5fbcd724ab10a4"
"reference": "b3313c2dbffaf71c8de2934e2ea56ed2291a3838"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/service-contracts/zipball/40da9cc13ec349d9e4966ce18b5fbcd724ab10a4",
"reference": "40da9cc13ec349d9e4966ce18b5fbcd724ab10a4",
"url": "https://api.github.com/repos/symfony/service-contracts/zipball/b3313c2dbffaf71c8de2934e2ea56ed2291a3838",
"reference": "b3313c2dbffaf71c8de2934e2ea56ed2291a3838",
"shasum": ""
},
"require": {
@ -2201,7 +2286,7 @@
"standards"
],
"support": {
"source": "https://github.com/symfony/service-contracts/tree/v3.3.0"
"source": "https://github.com/symfony/service-contracts/tree/v3.4.0"
},
"funding": [
{
@ -2217,7 +2302,7 @@
"type": "tidelift"
}
],
"time": "2023-05-23T14:45:45+00:00"
"time": "2023-07-30T20:28:31+00:00"
},
{
"name": "vlucas/phpdotenv",
@ -2399,5 +2484,5 @@
"php": "^8.1"
},
"platform-dev": [],
"plugin-api-version": "2.6.0"
"plugin-api-version": "2.3.0"
}


@ -82,18 +82,11 @@ define('COOKIE_MAX_TRACKS', 90);
* @param bool $httponly
* @return bool
*/
function bb_setcookie($name, $val, int $lifetime = COOKIE_PERSIST, bool $httponly = false)
function bb_setcookie($name, $val, int $lifetime = COOKIE_PERSIST, bool $httponly = false): bool
{
global $bb_cfg;
return setcookie($name, $val, [
'expires' => $lifetime,
'path' => $bb_cfg['script_path'],
'domain' => $bb_cfg['cookie_domain'],
'secure' => $bb_cfg['cookie_secure'],
'httponly' => $httponly,
'samesite' => $bb_cfg['cookie_same_site'],
]);
return \Delight\Cookie\Cookie::setcookie($name, $val, $lifetime, $bb_cfg['script_path'], $bb_cfg['cookie_domain'], $bb_cfg['server_secure'], $httponly, $bb_cfg['cookie_same_site']);
}
// User Levels
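Review bot: The Secure flag in the new `\Delight\Cookie\Cookie::setcookie(...)` call is read from `$bb_cfg['server_secure']`, whereas the removed `setcookie()` array used `$bb_cfg['cookie_secure']`, and the commit message does not mention this switch. If `server_secure` is not defined in the configuration (not visible here), the sixth argument is null and cookies would likely be emitted without Secure even on installs that had `cookie_secure` enabled. Either keep the original key, `$bb_cfg['cookie_secure']`, or state the new source in the docblock, e.g. `Secure is taken from $bb_cfg['server_secure'].`. Separately, `$httponly` still defaults to `false`, so the `@param bool $httponly` line should say that callers setting session or auth cookies must pass `true`. The docblock above the function starts outside the hunk.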