update

mevdschee · mevdschee · commit 75cefde42ebb · 2022-11-30T07:48:40.000+01:00
diff --git a/api.include.php b/api.include.php
@@ -8084,6 +8084,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                     if ($sessionName) {
                         session_name($sessionName);
                     }
+                    if (!ini_get('session.cookie_samesite')) {
+                        ini_set('session.cookie_samesite', 'Lax');
+                    }
+                    if (!ini_get('session.cookie_httponly')) {
+                        ini_set('session.cookie_httponly', 1);
+                    }
+                    if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+                        ini_set('session.cookie_secure', 1);
+                    }
                     session_start();
                 }
             }
@@ -8296,6 +8305,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                     if ($sessionName) {
                         session_name($sessionName);
                     }
+                    if (!ini_get('session.cookie_samesite')) {
+                        ini_set('session.cookie_samesite', 'Lax');
+                    }
+                    if (!ini_get('session.cookie_httponly')) {
+                        ini_set('session.cookie_httponly', 1);
+                    }
+                    if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+                        ini_set('session.cookie_secure', 1);
+                    }
                     session_start();
                 }
             }
@@ -8335,7 +8353,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                     if (!$registerUser) {
                         return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
                     }
-                    if(strlen(trim($username)) == 0){
+                    if (strlen(trim($username)) == 0) {
                         return $this->responder->error(ErrorCode::USERNAME_EMPTY, $username);
                     }
                     if (strlen($password) < $passwordLength) {
@@ -8352,7 +8370,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                     $this->db->createSingle($table, $data);
                     $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
                     foreach ($users as $user) {
-                        if($loginAfterRegistration){
+                        if ($loginAfterRegistration) {
                             if (!headers_sent()) {
                                 session_regenerate_id(true);
                             }
@@ -8884,6 +8902,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                     if ($sessionName) {
                         session_name($sessionName);
                     }
+                    if (!ini_get('session.cookie_samesite')) {
+                        ini_set('session.cookie_samesite', 'Lax');
+                    }
+                    if (!ini_get('session.cookie_httponly')) {
+                        ini_set('session.cookie_httponly', 1);
+                    }
+                    if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+                        ini_set('session.cookie_secure', 1);
+                    }
                     session_start();
                 }
             }
diff --git a/api.php b/api.php
@@ -8084,6 +8084,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                     if ($sessionName) {
                         session_name($sessionName);
                     }
+                    if (!ini_get('session.cookie_samesite')) {
+                        ini_set('session.cookie_samesite', 'Lax');
+                    }
+                    if (!ini_get('session.cookie_httponly')) {
+                        ini_set('session.cookie_httponly', 1);
+                    }
+                    if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+                        ini_set('session.cookie_secure', 1);
+                    }
                     session_start();
                 }
             }
@@ -8296,6 +8305,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                     if ($sessionName) {
                         session_name($sessionName);
                     }
+                    if (!ini_get('session.cookie_samesite')) {
+                        ini_set('session.cookie_samesite', 'Lax');
+                    }
+                    if (!ini_get('session.cookie_httponly')) {
+                        ini_set('session.cookie_httponly', 1);
+                    }
+                    if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+                        ini_set('session.cookie_secure', 1);
+                    }
                     session_start();
                 }
             }
@@ -8335,7 +8353,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                     if (!$registerUser) {
                         return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
                     }
-                    if(strlen(trim($username)) == 0){
+                    if (strlen(trim($username)) == 0) {
                         return $this->responder->error(ErrorCode::USERNAME_EMPTY, $username);
                     }
                     if (strlen($password) < $passwordLength) {
@@ -8352,7 +8370,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                     $this->db->createSingle($table, $data);
                     $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
                     foreach ($users as $user) {
-                        if($loginAfterRegistration){
+                        if ($loginAfterRegistration) {
                             if (!headers_sent()) {
                                 session_regenerate_id(true);
                             }
@@ -8884,6 +8902,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                     if ($sessionName) {
                         session_name($sessionName);
                     }
+                    if (!ini_get('session.cookie_samesite')) {
+                        ini_set('session.cookie_samesite', 'Lax');
+                    }
+                    if (!ini_get('session.cookie_httponly')) {
+                        ini_set('session.cookie_httponly', 1);
+                    }
+                    if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+                        ini_set('session.cookie_secure', 1);
+                    }
                     session_start();
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -8084,6 +8084,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`8084`	`8084`	`if ($sessionName) {`
`8085`	`8085`	`session_name($sessionName);`
`8086`	`8086`	`}`
	`8087`	`+ if (!ini_get('session.cookie_samesite')) {`
	`8088`	`+ ini_set('session.cookie_samesite', 'Lax');`
	`8089`	`+ }`
	`8090`	`+ if (!ini_get('session.cookie_httponly')) {`
	`8091`	`+ ini_set('session.cookie_httponly', 1);`
	`8092`	`+ }`
	`8093`	`+ if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {`
	`8094`	`+ ini_set('session.cookie_secure', 1);`
	`8095`	`+ }`
`8087`	`8096`	`session_start();`
`8088`	`8097`	`}`
`8089`	`8098`	`}`
`@@ -8296,6 +8305,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`8296`	`8305`	`if ($sessionName) {`
`8297`	`8306`	`session_name($sessionName);`
`8298`	`8307`	`}`
	`8308`	`+ if (!ini_get('session.cookie_samesite')) {`
	`8309`	`+ ini_set('session.cookie_samesite', 'Lax');`
	`8310`	`+ }`
	`8311`	`+ if (!ini_get('session.cookie_httponly')) {`
	`8312`	`+ ini_set('session.cookie_httponly', 1);`
	`8313`	`+ }`
	`8314`	`+ if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {`
	`8315`	`+ ini_set('session.cookie_secure', 1);`
	`8316`	`+ }`
`8299`	`8317`	`session_start();`
`8300`	`8318`	`}`
`8301`	`8319`	`}`
`@@ -8335,7 +8353,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`8335`	`8353`	`if (!$registerUser) {`
`8336`	`8354`	`return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);`
`8337`	`8355`	`}`
`8338`		`- if(strlen(trim($username)) == 0){`
	`8356`	`+ if (strlen(trim($username)) == 0) {`
`8339`	`8357`	`return $this->responder->error(ErrorCode::USERNAME_EMPTY, $username);`
`8340`	`8358`	`}`
`8341`	`8359`	`if (strlen($password) < $passwordLength) {`
`@@ -8352,7 +8370,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`8352`	`8370`	`$this->db->createSingle($table, $data);`
`8353`	`8371`	`$users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);`
`8354`	`8372`	`foreach ($users as $user) {`
`8355`		`- if($loginAfterRegistration){`
	`8373`	`+ if ($loginAfterRegistration) {`
`8356`	`8374`	`if (!headers_sent()) {`
`8357`	`8375`	`session_regenerate_id(true);`
`8358`	`8376`	`}`
`@@ -8884,6 +8902,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`8884`	`8902`	`if ($sessionName) {`
`8885`	`8903`	`session_name($sessionName);`
`8886`	`8904`	`}`
	`8905`	`+ if (!ini_get('session.cookie_samesite')) {`
	`8906`	`+ ini_set('session.cookie_samesite', 'Lax');`
	`8907`	`+ }`
	`8908`	`+ if (!ini_get('session.cookie_httponly')) {`
	`8909`	`+ ini_set('session.cookie_httponly', 1);`
	`8910`	`+ }`
	`8911`	`+ if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {`
	`8912`	`+ ini_set('session.cookie_secure', 1);`
	`8913`	`+ }`
`8887`	`8914`	`session_start();`
`8888`	`8915`	`}`
`8889`	`8916`	`}`