From f4a62e73680a7f52a69ec810da0ec45532db029f Mon Sep 17 00:00:00 2001
From: Thomas Jarosch <thomas.jarosch@intra2net.com>
Date: Tue, 24 Jun 2014 15:38:39 +0200
Subject: [PATCH] Horde_Secret: Only store key in cookie if cookies are in use.
 Fixes #13284

---
 framework/Secret/lib/Horde/Secret.php | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/framework/Secret/lib/Horde/Secret.php b/framework/Secret/lib/Horde/Secret.php
index 48dae62..e80871c 100644
--- a/framework/Secret/lib/Horde/Secret.php
+++ b/framework/Secret/lib/Horde/Secret.php
@@ -133,20 +133,21 @@ class Horde_Secret
      */
     public function setKey($keyname = self::DEFAULT_KEY)
     {
-        $set = true;
+        $set_cookie = true;
 
         if (isset($_COOKIE[$this->_params['session_name']])) {
             if (isset($_COOKIE[$keyname . '_key'])) {
                 $key = $_COOKIE[$keyname . '_key'];
-                $set = false;
+                $set_cookie = false;
             } else {
                 $key = $_COOKIE[$keyname . '_key'] = strval(new Horde_Support_Randomid());
             }
         } else {
             $key = session_id();
+            $set_cookie = false;
         }
 
-        if ($set) {
+        if ($set_cookie) {
             $this->_setCookie($keyname, $key);
         }
 
@@ -169,7 +170,9 @@ class Horde_Secret
                 $key = $_COOKIE[$keyname . '_key'];
             } else {
                 $key = session_id();
-                $this->_setCookie($keyname, $key);
+                if (isset($_COOKIE[$this->_params['session_name']])) {
+                    $this->_setCookie($keyname, $key);
+                }
             }
 
             $this->_keyCache[$keyname] = $key;
@@ -187,13 +190,18 @@ class Horde_Secret
      */
     public function clearKey($keyname = self::DEFAULT_KEY)
     {
+        $existed = false;
+
         if (isset($_COOKIE[$this->_params['session_name']]) &&
             isset($_COOKIE[$keyname . '_key'])) {
             $this->_setCookie($keyname, false);
-            return true;
+            $existed = true;
+        } else {
+            // non-cookie based secret
+            unset($this->_keyCache[$keyname]);
         }
 
-        return false;
+        return $existed;
     }
 
     /**
@@ -220,5 +228,4 @@ class Horde_Secret
             $_COOKIE[$keyname] = $this->_keyCache[$keyname] = $key;
         }
     }
-
 }
-- 
1.8.1.4