diff --git a/admin/check.php b/admin/check.php index 71751c9..4fbe119 100644 --- a/admin/check.php +++ b/admin/check.php @@ -124,6 +124,12 @@ if (extension_loaded('openssl')) { $messages[] = new Message('warning', __('Check','Consider enabling the PHP extension OpenSSL for increased security.')); } +if (ini_get('session.cookie_httponly') === '1') { + $messages[] = new Message('info', __('Check', 'Cookies are served from HTTP only.')); +} else { + $messages[] = new Message('warning', __('Check', "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.")); +} + // Datetime $timezone = ini_get('date.timezone'); if (!empty($timezone)) { diff --git a/locale/br.json b/locale/br.json index b20e00e..c324376 100644 --- a/locale/br.json +++ b/locale/br.json @@ -422,6 +422,8 @@ "The config file exists.": "Amañ mañ ar restr kefnluniañ.", "The config file directory (%s) is writable.": "Gallout a raer skrivañ e kavlec'h ar restr kefluniañ (%s).", "OpenSSL extension loaded.": "Askouezh OpenSSL karget.", + "Cookies are served from HTTP only.": "BR_Cookies are served from HTTP only.", + "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "BR_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.", "Consider enabling the PHP extension OpenSSL for increased security.": "Aliañ a reomp gweredekaat an askouezh OpenSSL evit ;uioc'h a surentez.", "date.timezone is set.": "Arventennet eo date.timezone.", "Consider setting the date.timezone in php.ini.": "Aliañ a reomp da lakaat date.timezone e php.ini.", diff --git a/locale/de.json b/locale/de.json index 1e100a5..fb31f54 100644 --- a/locale/de.json +++ b/locale/de.json @@ -423,6 +423,8 @@ "The config file exists.": "Die Konfigurationsdatei existiert.", "The config file directory (%s) is writable.": "Die Konfigurationsdatei (%s) ist beschreibbar.", "OpenSSL extension loaded.": "Die OpenSSL-Erweiterung ist geladen.", + "Cookies are served from HTTP only.": "DE_Cookies are served from HTTP only.", + "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "DE_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.", "Consider enabling the PHP extension OpenSSL for increased security.": "Ziehen Sie in Erwägung, für eine verbesserte Sicherheit die OpenSSL-Erweiterung zu aktivieren.", "date.timezone is set.": "date.timezone ist konfiguriert.", "Consider setting the date.timezone in php.ini.": "Ziehen Sie in Erwägung, date.timezone in php.ini zu konfigurieren.", diff --git a/locale/en.json b/locale/en.json index c487a84..5fe5fdf 100644 --- a/locale/en.json +++ b/locale/en.json @@ -430,6 +430,8 @@ "The config file exists.": "The config file exists.", "The config file directory (%s) is writable.": "The config file directory (%s) is writable.", "OpenSSL extension loaded.": "OpenSSL extension loaded.", + "Cookies are served from HTTP only.": "Cookies are served from HTTP only.", + "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.", "Consider enabling the PHP extension OpenSSL for increased security.": "Consider enabling the PHP extension OpenSSL for increased security.", "date.timezone is set.": "date.timezone is set.", "Consider setting the date.timezone in php.ini.": "Consider setting the date.timezone in php.ini.", diff --git a/locale/es.json b/locale/es.json index 3c0ebc9..758834c 100644 --- a/locale/es.json +++ b/locale/es.json @@ -424,6 +424,8 @@ "The config file directory (%s) is writable.": "ES_Le dossier du fichier de configuration (%s) est accessible en écriture.", "OpenSSL extension loaded.": "ES_L'extension PHP OpenSSL est chargée.", "Consider enabling the PHP extension OpenSSL for increased security.": "ES_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.", + "Cookies are served from HTTP only.": "ES_Cookies are served from HTTP only.", + "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "ES_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.", "date.timezone is set.": "ES_date.timezone est défini.", "Consider setting the date.timezone in php.ini.": "ES_Veuillez considérer la définition de date.timezone dans le php.ini.", "Check again": "ES_Vérifier à nouveau", diff --git a/locale/fr.json b/locale/fr.json index 5fdba2f..4b7d7d7 100644 --- a/locale/fr.json +++ b/locale/fr.json @@ -430,6 +430,8 @@ "The config file exists.": "Le fichier de configuration existe.", "The config file directory (%s) is writable.": "Le dossier du fichier de configuration (%s) est accessible en écriture.", "OpenSSL extension loaded.": "L'extension PHP OpenSSL est chargée.", + "Cookies are served from HTTP only.": "Les cookies sont accessibles uniquement via HTTP.", + "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "Pensez à définir « session.cookie_httponly = 1 » dans votre fichier php.ini ou bien ajouter « php_value session.cookie_httponly 1 » à votre fichier .htaccess de telle sorte que les cookies ne puissent pas être accessibles depuis Javascript.", "Consider enabling the PHP extension OpenSSL for increased security.": "Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.", "date.timezone is set.": "date.timezone est défini.", "Consider setting the date.timezone in php.ini.": "Veuillez considérer la définition de date.timezone dans le php.ini.", diff --git a/locale/it.json b/locale/it.json index 83f1368..db1cbbf 100644 --- a/locale/it.json +++ b/locale/it.json @@ -423,7 +423,9 @@ "The config file exists.": "IT_Le fichier de configuration existe.", "The config file directory (%s) is writable.": "IT_Le dossier du fichier de configuration (%s) est accessible en écriture.", "OpenSSL extension loaded.": "IT_L'extension PHP OpenSSL est chargée.", + "Cookies are served from HTTP only.": "IT_Cookies are served from HTTP only.", "Consider enabling the PHP extension OpenSSL for increased security.": "IT_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.", + "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "IT_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.", "date.timezone is set.": "IT_date.timezone est défini.", "Consider setting the date.timezone in php.ini.": "IT_Veuillez considérer la définition de date.timezone dans le php.ini.", "Check again": "Verificare di nuovo", diff --git a/locale/nl.json b/locale/nl.json index 14499e0..ea20df8 100644 --- a/locale/nl.json +++ b/locale/nl.json @@ -424,6 +424,8 @@ "The config file directory (%s) is writable.": "De map van het configuratiebestand (%s) is schrijfbaar.", "OpenSSL extension loaded.": "PHP OpenSSL extensie opgeladen.", "Consider enabling the PHP extension OpenSSL for increased security.": "Overweeg de activering van de PHP OpenSSL extensie om de veiligheid te verhogen.", + "Cookies are served from HTTP only.": "NL_Cookies are served from HTTP only.", + "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "NL_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.", "date.timezone is set.": "date.timezone is ingesteld.", "Consider setting the date.timezone in php.ini.": "Overweeg de instelling van date.timezone in het php.ini bestand.", "Check again": "Controleer opnieuw", diff --git a/locale/oc.json b/locale/oc.json index 8bdac4b..dffbcde 100644 --- a/locale/oc.json +++ b/locale/oc.json @@ -424,6 +424,8 @@ "The config file directory (%s) is writable.": "Lo dorsièr del fichièr de configuracion (%s) es accessible en escritura.", "OpenSSL extension loaded.": "L’extension PHP OpenSSL es cargada.", "Consider enabling the PHP extension OpenSSL for increased security.": "Mercés de pensar a activar l’extension PHP OpenSSL per milhorar la seguritat.", + "Cookies are served from HTTP only.": "OC_Cookies are served from HTTP only.", + "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "OC_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.", "date.timezone is set.": "date.timezone es definit.", "Consider setting the date.timezone in php.ini.": "Mercés de far cas a la definicion de date.timezone dins lo php.ini.", "Check again": "Tornar verificar",