[Pkg-owncloud-commits] [owncloud] 70/79: Remove last occurence of `forcessl`
David Prévot
taffit at moszumanska.debian.org
Tue Sep 1 20:55:41 UTC 2015
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch stable8
in repository owncloud.
commit 1850476916d9ca1f977f8346d63ad06712cce45a
Author: Lukas Reschke <lukas at owncloud.com>
Date: Wed Aug 26 14:29:36 2015 +0200
Remove last occurence of `forcessl`
This shoudl have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.
---
lib/private/user/session.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/private/user/session.php b/lib/private/user/session.php
index 75a884f..baceeb4 100644
--- a/lib/private/user/session.php
+++ b/lib/private/user/session.php
@@ -297,8 +297,8 @@ class Session implements IUserSession, Emitter {
* Remove cookie for "remember username"
*/
public function unsetMagicInCookie() {
- //TODO: DI for cookies and OC_Config
- $secureCookie = \OC_Config::getValue('forcessl', false);
+ //TODO: DI for cookies and IRequest
+ $secureCookie = \OC::$server->getRequest()->getServerProtocol() === 'https';
unset($_COOKIE["oc_username"]); //TODO: DI
unset($_COOKIE["oc_token"]);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git
More information about the Pkg-owncloud-commits
mailing list