author | Andreas Gohr <andi@splitbrain.org> | 2008-09-13 00:49:22 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2008-09-13 00:49:22 +0200 |
commit | f5c6743cf7fd971197b6ff56c658bd2457cbb02f (patch) | |
tree | 3a284fdb44f1225121a3a8fe1be2921c647b8103 /lib/plugins/config/settings | |
parent | de9104dd6cb8aa34ab1fabb96a65606cd426c32b (diff) | |
more cookie security FS#1490

This patch adds the httponly option to the PHP session cookies and DokuWiki's
auth cookie when supported by the PHP version.

It also adds a new config option 'securecookie' which is enabled by default.
It makes sure the browser will not send a cookie set via HTTPS over a
non-secured connection. This option has to be disabled for wikis that only
protect the login with SSL but not the whole wiki.

darcs-hash:20080912224922-7ad00-d5275147ba9d17a9f6defa8a51ca720da74ba8a0.gz
Diffstat (limited to 'lib/plugins/config/settings')
-rw-r--r-- | lib/plugins/config/settings/config.metadata.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index bf987fe2d..4c86c2370 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -123,6 +123,7 @@ $meta['disableactions'] = array('disableactions', '_combine' => array('subscription' => array('subscribe','unsubscribe'), 'wikicode' => array('source','export_raw'), 'nssubscription' => array('subscribens','unsubscribens'))); $meta['sneaky_index'] = array('onoff'); $meta['auth_security_timeout'] = array('numeric'); +$meta['securecookie'] = array('onoff'); $meta['_anti_spam'] = array('fieldset'); $meta['usewordblock']= array('onoff'); |
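
Review bot: the added `$meta['securecookie'] = array('onoff');` line exposes the option in the config manager as a bare on/off switch, with nothing in this hunk that tells an admin about its caveat. The commit message says the option is enabled by default and has to be disabled for wikis that protect only the login with SSL, so on such a wiki the browser would stop sending the auth cookie to the plain-HTTP pages after upgrading. Because this view is limited to lib/plugins/config/settings, neither the default value nor the option's label is visible here; please confirm both are part of the same commit and that the label spells out the login-only-SSL case, so the setting is not left on by accident where it breaks sessions or switched off where the whole wiki is served over HTTPS.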