mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove last occurence of `forcessl` 

This shoudl have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.
This commit is contained in:
Lukas Reschke 2015-08-26 14:29:36 +02:00
parent 2d0d79296b
commit 3d2ee95f1e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/private/user/session.php
View File

@ -297,8 +297,8 @@ class Session implements IUserSession, Emitter {
* Remove cookie for "remember username"
*/
public function unsetMagicInCookie() {
//TODO: DI for cookies and OC_Config
$secureCookie = \OC_Config::getValue('forcessl', false);
//TODO: DI for cookies and IRequest
$secureCookie = \OC::$server->getRequest()->getServerProtocol() === 'https';
unset($_COOKIE["oc_username"]); //TODO: DI
unset($_COOKIE["oc_token"]);