Use external cookie library to prevent incorrect cookie setting (#1160)

* Use external cookie library to prevent incorrect cookie setting

* Update CHANGELOG.md
Roman Kelesidis 2023-11-23 08:26:32 +07:00 committed by GitHub
commit 357bb08387
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 102 additions and 22 deletions


@ -5,6 +5,7 @@
**Merged pull requests:** **Merged pull requests:**
- Use external cookie library to prevent incorrect cookie setting [\#1160](https://github.com/torrentpier/torrentpier/pull/1160) ([belomaxorka](https://github.com/belomaxorka))
- Some improvements in default template [\#1159](https://github.com/torrentpier/torrentpier/pull/1159) ([belomaxorka](https://github.com/belomaxorka)) - Some improvements in default template [\#1159](https://github.com/torrentpier/torrentpier/pull/1159) ([belomaxorka](https://github.com/belomaxorka))
- Use sent port instead of source [\#1158](https://github.com/torrentpier/torrentpier/pull/1158) ([kovalensky](https://github.com/kovalensky)) - Use sent port instead of source [\#1158](https://github.com/torrentpier/torrentpier/pull/1158) ([kovalensky](https://github.com/kovalensky))
- Remove unnecessary meta tags from file listing [\#1157](https://github.com/torrentpier/torrentpier/pull/1157) ([kovalensky](https://github.com/kovalensky)) - Remove unnecessary meta tags from file listing [\#1157](https://github.com/torrentpier/torrentpier/pull/1157) ([kovalensky](https://github.com/kovalensky))


@ -50,7 +50,8 @@
"samdark/sitemap": "2.4.1", "samdark/sitemap": "2.4.1",
"symfony/mailer": "^6.3", "symfony/mailer": "^6.3",
"symfony/polyfill": "v1.28.0", "symfony/polyfill": "v1.28.0",
"vlucas/phpdotenv": "^5.5" "vlucas/phpdotenv": "^5.5",
"delight-im/cookie": "3.*"
}, },
"require-dev": { "require-dev": {
"symfony/var-dumper": "^6.3" "symfony/var-dumper": "^6.3"
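Review bot: `"delight-im/cookie": "3.*"` accepts any 3.x release, including ones older than the v3.4.0 that composer.lock resolves; `"delight-im/cookie": "^3.4"` keeps the same upper bound while making the locked version the floor. The locked release is dated 2020-04-16 in composer.lock, and this package now builds every Set-Cookie header the application sends, so it is worth confirming that upstream is still maintained before relying on it for Secure/HttpOnly/SameSite handling. The regenerated lock also moves three symfony/*-contracts packages to v3.4.0 and changes plugin-api-version from 2.6.0 to 2.3.0, which suggests it was produced with an older Composer than the previous lock; regenerating with the project's usual Composer version would keep this change limited to the new dependency.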

109
composer.lock generated

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "ab483942399a1a20194b6851fda0ae6f", "content-hash": "a2ee0a4e95404dca800219b4377f8e2c",
"packages": [ "packages": [
{ {
"name": "arokettu/bencode", "name": "arokettu/bencode",
@ -275,6 +275,91 @@
], ],
"time": "2023-08-30T09:31:38+00:00" "time": "2023-08-30T09:31:38+00:00"
}, },
{
"name": "delight-im/cookie",
"version": "v3.4.0",
"source": {
"type": "git",
"url": "https://github.com/delight-im/PHP-Cookie.git",
"reference": "67065d34272377d63bab0bd58f984f9b228c803f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/delight-im/PHP-Cookie/zipball/67065d34272377d63bab0bd58f984f9b228c803f",
"reference": "67065d34272377d63bab0bd58f984f9b228c803f",
"shasum": ""
},
"require": {
"delight-im/http": "^2.0",
"php": ">=5.4.0"
},
"type": "library",
"autoload": {
"psr-4": {
"Delight\\Cookie\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "Modern cookie management for PHP",
"homepage": "https://github.com/delight-im/PHP-Cookie",
"keywords": [
"cookie",
"cookies",
"csrf",
"http",
"same-site",
"samesite",
"xss"
],
"support": {
"issues": "https://github.com/delight-im/PHP-Cookie/issues",
"source": "https://github.com/delight-im/PHP-Cookie/tree/v3.4.0"
},
"time": "2020-04-16T11:01:26+00:00"
},
{
"name": "delight-im/http",
"version": "v2.1.0",
"source": {
"type": "git",
"url": "https://github.com/delight-im/PHP-HTTP.git",
"reference": "a5c2c4eae1dd3207f797984e8f64f2d71ed889dd"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/delight-im/PHP-HTTP/zipball/a5c2c4eae1dd3207f797984e8f64f2d71ed889dd",
"reference": "a5c2c4eae1dd3207f797984e8f64f2d71ed889dd",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"type": "library",
"autoload": {
"psr-4": {
"Delight\\Http\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "Hypertext Transfer Protocol (HTTP) utilities for PHP",
"homepage": "https://github.com/delight-im/PHP-HTTP",
"keywords": [
"headers",
"http",
"https"
],
"support": {
"issues": "https://github.com/delight-im/PHP-HTTP/issues",
"source": "https://github.com/delight-im/PHP-HTTP/tree/v2.1.0"
},
"time": "2021-10-12T18:52:29+00:00"
},
{ {
"name": "doctrine/lexer", "name": "doctrine/lexer",
"version": "3.0.0", "version": "3.0.0",
@ -1638,7 +1723,7 @@
}, },
{ {
"name": "symfony/deprecation-contracts", "name": "symfony/deprecation-contracts",
"version": "v3.3.0", "version": "v3.4.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/deprecation-contracts.git", "url": "https://github.com/symfony/deprecation-contracts.git",
@ -1685,7 +1770,7 @@
"description": "A generic function and convention to trigger deprecation notices", "description": "A generic function and convention to trigger deprecation notices",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.3.0" "source": "https://github.com/symfony/deprecation-contracts/tree/v3.4.0"
}, },
"funding": [ "funding": [
{ {
@ -1785,7 +1870,7 @@
}, },
{ {
"name": "symfony/event-dispatcher-contracts", "name": "symfony/event-dispatcher-contracts",
"version": "v3.3.0", "version": "v3.4.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/event-dispatcher-contracts.git", "url": "https://github.com/symfony/event-dispatcher-contracts.git",
@ -1841,7 +1926,7 @@
"standards" "standards"
], ],
"support": { "support": {
"source": "https://github.com/symfony/event-dispatcher-contracts/tree/v3.3.0" "source": "https://github.com/symfony/event-dispatcher-contracts/tree/v3.4.0"
}, },
"funding": [ "funding": [
{ {
@ -2139,16 +2224,16 @@
}, },
{ {
"name": "symfony/service-contracts", "name": "symfony/service-contracts",
"version": "v3.3.0", "version": "v3.4.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/service-contracts.git", "url": "https://github.com/symfony/service-contracts.git",
"reference": "40da9cc13ec349d9e4966ce18b5fbcd724ab10a4" "reference": "b3313c2dbffaf71c8de2934e2ea56ed2291a3838"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/service-contracts/zipball/40da9cc13ec349d9e4966ce18b5fbcd724ab10a4", "url": "https://api.github.com/repos/symfony/service-contracts/zipball/b3313c2dbffaf71c8de2934e2ea56ed2291a3838",
"reference": "40da9cc13ec349d9e4966ce18b5fbcd724ab10a4", "reference": "b3313c2dbffaf71c8de2934e2ea56ed2291a3838",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -2201,7 +2286,7 @@
"standards" "standards"
], ],
"support": { "support": {
"source": "https://github.com/symfony/service-contracts/tree/v3.3.0" "source": "https://github.com/symfony/service-contracts/tree/v3.4.0"
}, },
"funding": [ "funding": [
{ {
@ -2217,7 +2302,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2023-05-23T14:45:45+00:00" "time": "2023-07-30T20:28:31+00:00"
}, },
{ {
"name": "vlucas/phpdotenv", "name": "vlucas/phpdotenv",
@ -2399,5 +2484,5 @@
"php": "^8.1" "php": "^8.1"
}, },
"platform-dev": [], "platform-dev": [],
"plugin-api-version": "2.6.0" "plugin-api-version": "2.3.0"
} }


@ -82,18 +82,11 @@ define('COOKIE_MAX_TRACKS', 90);
* @param bool $httponly * @param bool $httponly
* @return bool * @return bool
*/ */
function bb_setcookie($name, $val, int $lifetime = COOKIE_PERSIST, bool $httponly = false) function bb_setcookie($name, $val, int $lifetime = COOKIE_PERSIST, bool $httponly = false): bool
{ {
global $bb_cfg; global $bb_cfg;
return setcookie($name, $val, [ return \Delight\Cookie\Cookie::setcookie($name, $val, $lifetime, $bb_cfg['script_path'], $bb_cfg['cookie_domain'], $bb_cfg['server_secure'], $httponly, $bb_cfg['cookie_same_site']);
'expires' => $lifetime,
'path' => $bb_cfg['script_path'],
'domain' => $bb_cfg['cookie_domain'],
'secure' => $bb_cfg['cookie_secure'],
'httponly' => $httponly,
'samesite' => $bb_cfg['cookie_same_site'],
]);
} }
// User Levels // User Levels
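Review bot: The Secure flag in the new `\Delight\Cookie\Cookie::setcookie(...)` call is read from `$bb_cfg['server_secure']`, where the removed call used `$bb_cfg['cookie_secure']`, and nothing in this commit defines that key or retires the old one. If `server_secure` is unset or does not reflect whether the site is served over HTTPS, the sixth argument evaluates to null/false and every cookie set through bb_setcookie() goes out without Secure. Either keep `$bb_cfg['cookie_secure']` in that position or confirm both keys exist in the config and record the switch in the docblock, e.g. `Secure is taken from $bb_cfg['server_secure'], not cookie_secure`. Since `$httponly` still defaults to false, the docblock could also say that callers setting session or auth cookies must pass true explicitly. The docblock starts above this hunk, so its description and `@param` lines are not fully visible here.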