From f5c6743cf7fd971197b6ff56c658bd2457cbb02f Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 13 Sep 2008 00:49:22 +0200
Subject: more cookie security FS#1490

This patch adds the httponly option to the PHP session cookies and DokuWiki's
auth cookie when supported by the PHP version.

It also adds a new config option 'securecookie' which is enabled by default.
It makes sure the browser will not sent a cookie set via HTTPS over a
non-secured connection. This option has to be disabled for wikis that only
protect the login with SSL but not the whole wiki.

darcs-hash:20080912224922-7ad00-d5275147ba9d17a9f6defa8a51ca720da74ba8a0.gz
---
 lib/plugins/config/settings/config.metadata.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/plugins/config/settings')

diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index bf987fe2d..4c86c2370 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -123,6 +123,7 @@ $meta['disableactions'] = array('disableactions',
                                 '_combine' => array('subscription' => array('subscribe','unsubscribe'), 'wikicode' => array('source','export_raw'), 'nssubscription' => array('subscribens','unsubscribens')));
 $meta['sneaky_index'] = array('onoff');
 $meta['auth_security_timeout'] = array('numeric');
+$meta['securecookie'] = array('onoff');
 
 $meta['_anti_spam']  = array('fieldset');
 $meta['usewordblock']= array('onoff');
-- 
cgit v1.2.3