From 405c38ab6052e9c6b38528ff0eaf6940f4a0f312 Mon Sep 17 00:00:00 2001
From: mystralkk
Date: Fri, 15 May 2020 12:18:36 +0900
Subject: [PATCH] Replaced setcookie() with SEC_setCookie() (improvement #1065)
---
 public_html/lib-common.php | 5 +----
 public_html/polls/index.php | 5 +----
 public_html/switchlang.php | 5 +----
 public_html/users.php | 5 +----
 public_html/usersettings.php | 12 +++---------
 system/lib-comment.php | 4 +---
 system/lib-security.php | 4 +---
 7 files changed, 9 insertions(+), 31 deletions(-)
diff --git a/public_html/lib-common.php b/public_html/lib-common.php
index 9f92a4d81..39d12e6bf 100644
--- a/public_html/lib-common.php
+++ b/public_html/lib-common.php
@@ -380,10 +380,7 @@
 // Update Cookie as well if needed for anonymous and users
 if (!isset($_COOKIE[$_CONF['cookie_theme']]) || (isset($_COOKIE[$_CONF['cookie_theme']]) && $_COOKIE[$_CONF['cookie_theme']] != $_CONF['theme'])) {
 if (!headers_sent()) {
- @setcookie(
- $_CONF['cookie_theme'], $_CONF['theme'], time() + 31536000, $_CONF['cookie_path'],
- $_CONF['cookiedomain'], $_CONF['cookiesecure']
- );
+ SEC_setCookie($_CONF['cookie_theme'], $_CONF['theme'], time() + 31536000);
 }
 }
diff --git a/public_html/polls/index.php b/public_html/polls/index.php
index 90b1c5e80..44727aaf3 100644
--- a/public_html/polls/index.php
+++ b/public_html/polls/index.php
@@ -155,10 +155,7 @@ function polllist()
 }
 $aids = substr($aids, 0, -1);
- setcookie(
- 'poll-' . $pid, $aids, time() + $_PO_CONF['pollcookietime'], $_CONF['cookie_path'],
- $_CONF['cookiedomain'], $_CONF['cookiesecure']
- );
+ SEC_setCookie('poll-' . $pid, $aids, time() + $_PO_CONF['pollcookietime']);
 $display .= POLLS_pollsave($pid, $aid);
 $display = COM_createHTMLDocument($display);
 } elseif (!empty($pid)) {
diff --git a/public_html/switchlang.php b/public_html/switchlang.php
index a57a6c9bc..e67429787 100644
--- a/public_html/switchlang.php
+++ b/public_html/switchlang.php
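Review bot: In public_html/lib-common.php the swap to `SEC_setCookie()` is not a pure refactor: the helper in system/lib-security.php passes `true` as the seventh `setcookie()` argument, so the theme cookie becomes HttpOnly, and the commit message does not say so. That is a sound default, but any front-end script that reads the theme, language, timezone, poll or anonymous-name cookie through `document.cookie` would stop seeing it; whether such scripts exist is not visible in this patch. The same applies to the hunks in polls/index.php, switchlang.php, users.php, usersettings.php and lib-comment.php. I would record it at the call site with a comment such as `// SEC_setCookie() always sets HttpOnly; this cookie is not readable from JavaScript`. The `@` that used to suppress warnings is also dropped here, which looks fine given the surrounding `headers_sent()` check.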
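Review bot: In public_html/polls/index.php the result of `SEC_setCookie('poll-' . $pid, ...)` is discarded and, unlike the lib-common.php hunk, the call is not guarded by `headers_sent()`, so a cookie that could not be sent goes unnoticed. If this cookie is what marks the poll as already answered (an inference from its name and value), a silent failure leaves that marker unset; I would at least test the result, `if (!SEC_setCookie('poll-' . $pid, $aids, time() + $_PO_CONF['pollcookietime'])) { /* log: poll cookie not sent */ }`. A cookie is under the voter's control in any case, so duplicate-vote enforcement should rest on a server-side record; whether `POLLS_pollsave()` provides that is outside the hunk. The branch this code sits in starts above the hunk.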
@@ -104,10 +104,7 @@ function switch_language($url, $newLang, $oldLang, $itemId, $itemType)
 // Set the language cookie.
 // Mainly used for anonymous users so the rest of their session
 // will remain in the selected language
- setcookie(
- $_CONF['cookie_language'], $langFile, time() + 31536000,
- $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']
- );
+ SEC_setCookie($_CONF['cookie_language'], $langFile, time() + 31536000);
 // if user is not anonymous, store the preference in the database
 if (!COM_isAnonUser()) {
diff --git a/public_html/users.php b/public_html/users.php
index a6e3a16d3..d38e32702 100644
--- a/public_html/users.php
+++ b/public_html/users.php
@@ -659,10 +659,7 @@ function USER_doLogin()
 // Now that we have user's data see if their theme cookie is set.
 // If not set it
 if (!empty($_USER['theme'])) {
- setcookie(
- $_CONF['cookie_theme'], $_USER['theme'], time() + 31536000, $_CONF['cookie_path'],
- $_CONF['cookiedomain'], $_CONF['cookiesecure']
- );
+ SEC_setCookie($_CONF['cookie_theme'], $_USER['theme'], time() + 31536000);
 }
 if (!empty($_SERVER['HTTP_REFERER'])
diff --git a/public_html/usersettings.php b/public_html/usersettings.php
index da5d41ac0..c9db79f48 100644
--- a/public_html/usersettings.php
+++ b/public_html/usersettings.php
@@ -1448,15 +1448,9 @@ function savepreferences($A)
 . "WHERE uid = '{$_USER['uid']}'"
 );
- setcookie($_CONF['cookie_theme'], $A['theme'], time() + 31536000,
- $_CONF['cookie_path'], $_CONF['cookiedomain'],
- $_CONF['cookiesecure']);
- setcookie($_CONF['cookie_language'], $A['language'], time() + 31536000,
- $_CONF['cookie_path'], $_CONF['cookiedomain'],
- $_CONF['cookiesecure']);
- setcookie($_CONF['cookie_tzid'], $A['tzid'], time() + 31536000,
- $_CONF['cookie_path'], $_CONF['cookiedomain'],
- $_CONF['cookiesecure']);
+ SEC_setCookie($_CONF['cookie_theme'], $A['theme'], time() + 31536000);
+ SEC_setCookie($_CONF['cookie_language'], $A['language'], time() + 31536000);
+ SEC_setCookie($_CONF['cookie_tzid'], $A['tzid'], time() + 31536000);
 // When the user has disabled Two Factor Authentication, invalidate secret code and all the backup codes he/she might have
 if (!$A['enable_twofactorauth']) {
diff --git a/system/lib-comment.php b/system/lib-comment.php
index c09417fc2..d12978f0d 100644
--- a/system/lib-comment.php
+++ b/system/lib-comment.php
@@ -1479,9 +1479,7 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode)
 if (strcmp($_POST[CMT_USERNAME], $anon) != 0) {
 $username = COM_checkWords(GLText::stripTags(Geeklog\Input::post(CMT_USERNAME)), 'comment');
 $username = GLText::remove4byteUtf8Chars($username);
- setcookie($_CONF['cookie_anon_name'], $username, time() + 31536000,
- $_CONF['cookie_path'], $_CONF['cookiedomain'],
- $_CONF['cookiesecure']);
+ SEC_setCookie($_CONF['cookie_anon_name'], $username, time() + 31536000);
 $name = DB_escapeString($username);
 }
 }
diff --git a/system/lib-security.php b/system/lib-security.php
index e8046ac44..1e72f64ef 100644
--- a/system/lib-security.php
+++ b/system/lib-security.php
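Review bot: In public_html/usersettings.php the three values written to cookies come from `$A`, the argument of `savepreferences()`, and the hunk shows no validation between the database update and the `SEC_setCookie()` calls; the function starts above the hunk, so the checks may already happen there. Because these cookies come back from the client, the code that later reads the theme, language and tzid cookies should match them against the installed themes, languages and time zones rather than rely on what was stored here. A comment would make that contract explicit: `// $A[...] validated above; cookie readers must re-validate, the client can alter these values`. Separately, `time() + 31536000` now appears three times in this hunk, and a single local such as `$oneYear` would read better.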
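Review bot: In system/lib-comment.php the anonymous name stored in the cookie has only been through `GLText::stripTags()` and `COM_checkWords()`, which is filtering rather than output encoding, and the value returns from the client on the next request. Wherever `$_CONF['cookie_anon_name']` is read back to pre-fill the comment form (not visible in this patch), it should be escaped for the HTML context it lands in and length-limited. I would add a comment above the call: `// user-supplied value; escape on output when this cookie is read back`. The enclosing `CMT_saveComment()` starts and ends outside the hunk.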
@@ -1783,9 +1783,7 @@ function SEC_setCookie($name, $value, $expire = 0, $path = null, $domain = null,
 $secure = $_CONF['cookiesecure'];
 }
- $retval = setcookie($name, $value, $expire, $path, $domain, $secure, true);
-
- return $retval;
+ return setcookie($name, $value, $expire, $path, $domain, $secure, true);
 }
 /**
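Review bot: The positional `setcookie(..., $secure, true)` call kept in `SEC_setCookie()` cannot emit a SameSite attribute, so every cookie this commit routes through the helper is still sent on cross-site requests according to the browser's default. On PHP 7.3 and later `setcookie()` accepts an options array with a `samesite` key; the sketch below uses it when available and keeps the existing call otherwise. `'Lax'` is my assumption for preference cookies and should be confirmed against the project's minimum PHP version and any cross-site flows it supports. The function's signature and the default handling for `$path` and `$domain` are above the hunk.

```php
// … unchanged: defaults for $path, $domain and $secure taken from $_CONF …
if (PHP_VERSION_ID >= 70300) {
    return setcookie($name, $value, [
        'expires'  => $expire,
        'path'     => $path,
        'domain'   => $domain,
        'secure'   => $secure,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

return setcookie($name, $value, $expire, $path, $domain, $secure, true);
```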