diff --git a/src/composer.json b/src/composer.json
index 99f7f278..c16d0531 100644
--- a/src/composer.json
+++ b/src/composer.json
@@ -30,7 +30,7 @@
 "require": {
 "mibew/handlebars.php": "~0.10.5",
 "mibew/handlebars.php-helpers": "1.*",
- "symfony/http-foundation": "~2.8.52",
+ "symfony/http-foundation": "~3.2",
 "symfony/routing": "2.6.*",
 "symfony/config": "2.6.*",
 "symfony/yaml": "^5.2",
diff --git a/src/mibew/libs/classes/Mibew/Application.php b/src/mibew/libs/classes/Mibew/Application.php
index ed71f0a7..49bb9c30 100644
--- a/src/mibew/libs/classes/Mibew/Application.php
+++ b/src/mibew/libs/classes/Mibew/Application.php
@@ -361,7 +361,9 @@ class Application implements
 $response->headers->setCookie(CookieFactory::fromRequest($request)->createCookie(
 LOCALE_COOKIE_NAME,
 get_current_locale(),
- time() + 60 * 60 * 24 * 1000
+ time() + 60 * 60 * 24 * 1000,
+ true,
+ false
 ));
 $response->prepare($request);
diff --git a/src/mibew/libs/classes/Mibew/Http/CookieFactory.php b/src/mibew/libs/classes/Mibew/Http/CookieFactory.php
index 24080dcd..c3f8729d 100644
--- a/src/mibew/libs/classes/Mibew/Http/CookieFactory.php
+++ b/src/mibew/libs/classes/Mibew/Http/CookieFactory.php
@@ -83,11 +83,14 @@ class CookieFactory
 * @param string $name The name of the cookie.
 * @param string $value The value of the cookie.
 * @param int|string|\DateTime $expire The time the cookie expires.
- * @param bool $httpOnly Whether the cookie will be made accessible only
+ * @param bool $http_only Whether the cookie will be made accessible only
 * through the HTTP protocol.
+ * @param bool $same_site Whether the cookie should be used only on the
+ * original site. Otherwise (but only if it's already marked as secure)
+ * it will be marked as SameSite=None
 * @return Cookie
 */
- public function createCookie($name, $value = null, $expire = 0, $http_only = true)
+ public function createCookie($name, $value = null, $expire = 0, $http_only = true, $same_site = true)
 {
 return new Cookie(
 $name,
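Review bot: The two bare booleans added to the `createCookie(...)` call in Application.php are hard to audit. Going by the CookieFactory signature changed in this same commit they are `$http_only = true` and `$same_site = false`, so the locale cookie is marked `SameSite=None` whenever the request is secure and is then sent on cross-site requests. That widens the cookie's scope and the call site should say why, for example `// http_only = true, same_site = false: locale cookie must survive third-party embedding` (the reason is assumed here and needs confirming). The enclosing method starts and ends outside the hunk.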
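Review bot: The new `$same_site` docblock in CookieFactory.php promises more than the default delivers. With `$same_site = true` the constructor call in the following hunk passes `false` as the same-site argument, so presumably no SameSite attribute is emitted and restriction to the original site is left to the browser's default. The docblock should state that, e.g. `@param bool $same_site If false and the cookie is secure, it is sent with SameSite=None; otherwise no SameSite attribute is set.` Alternatively, make the default request an explicit Lax policy if that is what callers are meant to rely on. createCookie's body continues outside this hunk.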
@@ -96,7 +99,9 @@ class CookieFactory
 $this->getPath(),
 $this->getDomain(),
 $this->isSecure(),
- $http_only
+ $http_only,
+ true,
+ !$same_site && $this->isSecure() ? 'None' : false
 );
 }
diff --git a/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php b/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php
index dee74313..58beed66 100644
--- a/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php
+++ b/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php
@@ -553,7 +553,17 @@ class ThreadProcessor extends ClientSideProcessor implements
 $thread->renameUser($args['name']);
 // Update user name in cookies
 $data = strtr(base64_encode($args['name']), '+/=', '-_,');
- setcookie(USERNAME_COOKIE_NAME, $data, time() + 60 * 60 * 24 * 365);
+
+ $cookie_properties = array( 'expires' => time() + 60 * 60 * 24 * 365 );
+ if (version_compare(phpversion(), '7.3.0', '<')) {
+ setcookie(USERNAME_COOKIE_NAME, $data, $cookie_properties['expires']);
+ } else {
+ if ($this->currentRequest && $this->currentRequest->isSecure()) {
+ $cookie_properties['samesite'] = 'None';
+ $cookie_properties['secure'] = true;
+ }
+ setcookie(USERNAME_COOKIE_NAME, $data, $cookie_properties);
+ }
 }
 /**
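Review bot: The literal `true` added after `$http_only` in the `new Cookie(...)` call lands in the Symfony `Cookie` constructor's `$raw` position, so every cookie built by this factory skips URL-encoding of its name and value. Nothing in the hunk says that is intended, and a value containing `;`, `,` or whitespace would then reach the Set-Cookie header unescaped. If raw output is not required, pass `false` there; otherwise document the constraint on `$value` in the createCookie docblock. The same-site argument should also be checked against the lowest http-foundation release that `~3.2` allows, since acceptance of `'None'` and `false` in that position may depend on the version. Parenthesising the condition, `(!$same_site && $this->isSecure()) ? 'None' : false`, would make the precedence explicit.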
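Review bot: On PHP older than 7.3 the first `setcookie()` branch in ThreadProcessor.php still sends the user-name cookie without the Secure flag, even when `$this->currentRequest->isSecure()` is true, because only the options-array branch sets it. The positional signature already takes a secure argument, so both paths can set it: `setcookie(USERNAME_COOKIE_NAME, $data, $cookie_properties['expires'], '', '', $is_secure);`, with `$is_secure` computed once before the version check. Neither branch sets a path or HttpOnly, and the cookie bypasses CookieFactory, so its scope can differ from cookies built there. A short comment explaining why `setcookie()` is called directly would help the next reader. The enclosing method starts outside the hunk.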