Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

[ticket/11613] Cookies does not work for netbios domain #1975

Closed
wants to merge 1 commit into from

3 participants

@karan10

If phpBB is installed on a local network, and his "domain" is only a
netbios name, cookies will not work.

http://tracker.phpbb.com/browse/PHPBB3-11613

PHPBB3-11613

karan [ticket/11613] Cookies does not work for netbios domain
If phpBB is installed on a local network, and his "domain" is only a
netbios name, cookies will not work.

http://tracker.phpbb.com/browse/PHPBB3-11613

PHPBB3-11613
bd71961
@nickvergessen nickvergessen commented on the diff
phpBB/phpbb/session.php
@@ -1052,7 +1052,7 @@ function set_cookie($name, $cookiedata, $cookietime)
$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
- $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
+ $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === FALSE) ? '' : '; domain=' . $config['cookie_domain'];
@nickvergessen Collaborator

this obsoletes the $config['cookie_domain'] == 'localhost' part?

Also false should be lowercase in phpBB

@nickvergessen Collaborator

Maybe also check for : so ipv6 will work with "domain"

@bantu Owner
bantu added a note

Should have a comment explaining the logic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@bantu
Owner

Patch should possibly be against develop-olympus. Security implications must be considered.

@nickvergessen
Collaborator

Can we also unit test this?

@nickvergessen nickvergessen added this to the 3.0.13-RC1 milestone
@nickvergessen
Collaborator

And as pre bantu, please make a new PR against develop-olympus

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 31, 2014
  1. [ticket/11613] Cookies does not work for netbios domain

    karan authored
    If phpBB is installed on a local network, and his "domain" is only a
    netbios name, cookies will not work.
    
    http://tracker.phpbb.com/browse/PHPBB3-11613
    
    PHPBB3-11613
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 1 deletion.
  1. +1 −1  phpBB/phpbb/session.php
View
2  phpBB/phpbb/session.php
@@ -1052,7 +1052,7 @@ function set_cookie($name, $cookiedata, $cookietime)
$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
- $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
+ $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === FALSE) ? '' : '; domain=' . $config['cookie_domain'];
@nickvergessen Collaborator

this obsoletes the $config['cookie_domain'] == 'localhost' part?

Also false should be lowercase in phpBB

@nickvergessen Collaborator

Maybe also check for : so ipv6 will work with "domain"

@bantu Owner
bantu added a note

Should have a comment explaining the logic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
}
Something went wrong with that request. Please try again.