From 8c318b8b60b3627eeef2d7e044c0185974f97cb9 Mon Sep 17 00:00:00 2001
From: ctrlcctrlv
Date: Sun, 18 Aug 2013 01:44:36 +0000
Subject: [PATCH 1/2] Optionally access mod cookie in JavaScript
---
 inc/config.php | 3 +++
 inc/mod/auth.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/inc/config.php b/inc/config.php
index e9e52aaf..c170bf0d 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1107,6 +1107,9 @@
 // Replace ?/config with a simple text editor for editing inc/instance-config.php.
 $config['mod']['config_editor_php'] = false;
+ // Whether or not you can access the mod cookie in JavaScript. Most users should not need to change this.
+ $config['mod']['cookie_httponly'] = true;
+
 /*
 * ====================
 * Mod permissions
diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index bfab0f7e..5f449e0f 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -72,7 +72,7 @@ function setCookies() {
 $mod['hash'][0] . // password
 ':' .
 $mod['hash'][1], // salt
- time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
+ time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, $config['mod']['cookie_httponly']);
 }
 function destroyCookies() {
From c6331e54a1438d2481a7473c5a00d2ded5d43846 Mon Sep 17 00:00:00 2001
From: ctrlcctrlv
Date: Sun, 18 Aug 2013 01:53:39 +0000
Subject: [PATCH 2/2] Better setting name
---
 inc/config.php | 6 +++---
 inc/mod/auth.php | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/inc/config.php b/inc/config.php
index c170bf0d..ae3ce0c0 100644
--- a/inc/config.php
+++ b/inc/config.php
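Review bot: The comment added in inc/config.php (patch 1/2) above `$config['mod']['cookie_httponly'] = true;` reads as if `true` lets JavaScript read the mod cookie, but the value is passed as the last argument of setcookie() in inc/mod/auth.php, where `true` is what keeps the cookie away from scripts. It also gives an operator no reason to leave the default alone: the cookie value is built from fields commented `// password` and `// salt`, so with `false` any injected script on a page within the cookie's path can read a moderator's login cookie. Suggested wording: `// Send the mod cookie with the HttpOnly flag (true = page JavaScript cannot read it).` followed by `// Setting this to false exposes the mod login cookie to every script on the page, including injected ones.` Patch 2/2 moves the same comment unchanged to `$config['cookies']['httponly']`, so the rewording applies there as well.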
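Review bot: In the inc/mod/auth.php hunk of patch 1/2, the new last argument `$config['mod']['cookie_httponly']` is read with no fallback, so if the key is ever absent it evaluates to null and the mod cookie is sent without HttpOnly. inc/config.php supplies the default, so this only bites when that default is dropped or the array is overwritten, but a fail-closed form costs little: `!isset($config['mod']['cookie_httponly']) || $config['mod']['cookie_httponly']`. The `secure` argument just before it stays hard-coded `false` on the same line, so the cookie is still not restricted to HTTPS; whether HTTPS is enforced elsewhere is not visible here. Patch 2/2 renames the key to `$config['cookies']['httponly']` on this line and the same points apply; setCookies() begins above the hunk.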
@@ -154,6 +154,9 @@
 // Make this something long and random for security.
 $config['cookies']['salt'] = 'abcdefghijklmnopqrstuvwxyz09123456789!@#$%^&*()';
+ // Whether or not you can access the mod cookie in JavaScript. Most users should not need to change this.
+ $config['cookies']['httponly'] = true;
+
 // Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).
 $config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';
@@ -1107,9 +1110,6 @@
 // Replace ?/config with a simple text editor for editing inc/instance-config.php.
 $config['mod']['config_editor_php'] = false;
- // Whether or not you can access the mod cookie in JavaScript. Most users should not need to change this.
- $config['mod']['cookie_httponly'] = true;
-
 /*
 * ====================
 * Mod permissions
diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 5f449e0f..0733646f 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -72,7 +72,7 @@ function setCookies() {
 $mod['hash'][0] . // password
 ':' .
 $mod['hash'][1], // salt
- time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, $config['mod']['cookie_httponly']);
+ time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, $config['cookies']['httponly']);
 }
 function destroyCookies() {