From f4a62e73680a7f52a69ec810da0ec45532db029f Mon Sep 17 00:00:00 2001
From: Thomas Jarosch <thomas.jarosch@intra2net.com>
Date: Tue, 24 Jun 2014 15:38:39 +0200
Subject: [PATCH] Horde_Secret: Only store key in cookie if cookies are in use. Fixes #13284
---
 framework/Secret/lib/Horde/Secret.php | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/framework/Secret/lib/Horde/Secret.php b/framework/Secret/lib/Horde/Secret.php
index 48dae62..e80871c 100644
--- a/framework/Secret/lib/Horde/Secret.php
+++ b/framework/Secret/lib/Horde/Secret.php
@@ -133,20 +133,21 @@ class Horde_Secret
 */
 public function setKey($keyname = self::DEFAULT_KEY)
 {
- $set = true;
+ $set_cookie = true;

 if (isset($_COOKIE[$this->_params['session_name']])) {
 if (isset($_COOKIE[$keyname . '_key'])) {
 $key = $_COOKIE[$keyname . '_key'];
- $set = false;
+ $set_cookie = false;
 } else {
 $key = $_COOKIE[$keyname . '_key'] = strval(new Horde_Support_Randomid());
 }
 } else {
 $key = session_id();
+ $set_cookie = false;
 }

- if ($set) {
+ if ($set_cookie) {
 $this->_setCookie($keyname, $key);
 }

@@ -169,7 +170,9 @@ class Horde_Secret
 $key = $_COOKIE[$keyname . '_key'];
 } else {
 $key = session_id();
- $this->_setCookie($keyname, $key);
+ if (isset($_COOKIE[$this->_params['session_name']])) {
+ $this->_setCookie($keyname, $key);
+ }
 }

 $this->_keyCache[$keyname] = $key;
@@ -187,13 +190,18 @@ class Horde_Secret
 */
 public function clearKey($keyname = self::DEFAULT_KEY)
 {
+ $existed = false;
+
 if (isset($_COOKIE[$this->_params['session_name']]) &&
 isset($_COOKIE[$keyname . '_key'])) {
 $this->_setCookie($keyname, false);
- return true;
+ $existed = true;
+ } else {
+ // non-cookie based secret
+ unset($this->_keyCache[$keyname]);
 }

- return false;
+ return $existed;
 }

 /**
@@ -220,5 +228,4 @@ class Horde_Secret
 $_COOKIE[$keyname] = $this->_keyCache[$keyname] = $key;
 }
 }
-
 }
-- 
1.8.1.4
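Review bot: In `setKey()`, the branch that now sets `$set_cookie = false` takes `session_id()` as the key without checking that it is non-empty. If no session is active when this runs, `session_id()` returns an empty string, which would then be used as the key; whether a session is always started before this call is not visible in the hunk. A guard right after the assignment would make that failure explicit, for example `if ($key === '') { throw new Horde_Secret_Exception('No active session to derive a key from'); }`. The body of `setKey()` continues below the hunk, so any later validation there should be checked first.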
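Review bot: In `getKey()`, the new inner `if` still passes `session_id()` to `_setCookie()` whenever the session cookie is present, so the session identifier is copied into a second cookie and doubles as the key. `setKey()` handles the same situation (session cookie present, key cookie missing) by generating a separate `Horde_Support_Randomid`, so the two methods appear to disagree on what the fallback key is. Whether `_setCookie()` gives the key cookie the same Secure/HttpOnly attributes as the session cookie is not visible here and is worth confirming. If the fallback is intentional, it should be documented in place, e.g. `// Key cookie missing but session cookie present: reuse the session id as key and persist it.` The enclosing condition starts above the hunk.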
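Review bot: In `clearKey()`, the new `else` branch removes the cached key but leaves `$existed` at `false`, so the method reports "no key" even when `_keyCache[$keyname]` held one. A caller that uses the return value to confirm a key was cleared, for instance at logout, gets a misleading answer for non-cookie sessions. Recording the state before the unset fixes that: `$existed = isset($this->_keyCache[$keyname]);` followed by the existing `unset($this->_keyCache[$keyname]);`. The same branch also runs when the session cookie exists but the key cookie does not, so the comment `// non-cookie based secret` could be widened to say so.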