Merge branch 'cookies-http-only' into 'master'

Add a check at install to suggest setting session.cookie_httponly inside php.ini

See merge request framasoft/framadate!220
Thomas Citharel 2018-02-20 17:46:36 +01:00
commit d9f50e8706
9 changed files with 22 additions and 0 deletions


@ -124,6 +124,12 @@ if (extension_loaded('openssl')) {
$messages[] = new Message('warning', __('Check','Consider enabling the PHP extension OpenSSL for increased security.')); $messages[] = new Message('warning', __('Check','Consider enabling the PHP extension OpenSSL for increased security.'));
} }
if (ini_get('session.cookie_httponly') === '1') {
$messages[] = new Message('info', __('Check', 'Cookies are served from HTTP only.'));
} else {
$messages[] = new Message('warning', __('Check', "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript."));
}
// Datetime // Datetime
$timezone = ini_get('date.timezone'); $timezone = ini_get('date.timezone');
if (!empty($timezone)) { if (!empty($timezone)) {
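Review bot: The strict comparison `ini_get('session.cookie_httponly') === '1'` on the first added line can show the warning on an install that is already hardened, because ini_get() may return the literal configured string (for instance `On` when the directive is set through `php_value` rather than `php_flag`) instead of `1`. Parsing the value as a boolean avoids that false negative: `if (filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN)) {`. The info text "Cookies are served from HTTP only." also reads as a statement about transport and about every cookie, while the check only covers the HttpOnly flag on PHP's session cookie; wording such as "The session cookie is flagged HttpOnly." would match what is tested, and a sibling check on `session.cookie_secure` would presumably fit here too. The rest of the install-check script lies outside this hunk, so whether the application overrides the setting at runtime cannot be told from here.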


@ -422,6 +422,8 @@
"The config file exists.": "Amañ mañ ar restr kefnluniañ.", "The config file exists.": "Amañ mañ ar restr kefnluniañ.",
"The config file directory (%s) is writable.": "Gallout a raer skrivañ e kavlec'h ar restr kefluniañ (%s).", "The config file directory (%s) is writable.": "Gallout a raer skrivañ e kavlec'h ar restr kefluniañ (%s).",
"OpenSSL extension loaded.": "Askouezh OpenSSL karget.", "OpenSSL extension loaded.": "Askouezh OpenSSL karget.",
"Cookies are served from HTTP only.": "BR_Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "BR_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Aliañ a reomp gweredekaat an askouezh OpenSSL evit ;uioc'h a surentez.", "Consider enabling the PHP extension OpenSSL for increased security.": "Aliañ a reomp gweredekaat an askouezh OpenSSL evit ;uioc'h a surentez.",
"date.timezone is set.": "Arventennet eo date.timezone.", "date.timezone is set.": "Arventennet eo date.timezone.",
"Consider setting the date.timezone in php.ini.": "Aliañ a reomp da lakaat date.timezone e php.ini.", "Consider setting the date.timezone in php.ini.": "Aliañ a reomp da lakaat date.timezone e php.ini.",


@ -423,6 +423,8 @@
"The config file exists.": "Die Konfigurationsdatei existiert.", "The config file exists.": "Die Konfigurationsdatei existiert.",
"The config file directory (%s) is writable.": "Die Konfigurationsdatei (%s) ist beschreibbar.", "The config file directory (%s) is writable.": "Die Konfigurationsdatei (%s) ist beschreibbar.",
"OpenSSL extension loaded.": "Die OpenSSL-Erweiterung ist geladen.", "OpenSSL extension loaded.": "Die OpenSSL-Erweiterung ist geladen.",
"Cookies are served from HTTP only.": "DE_Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "DE_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Ziehen Sie in Erwägung, für eine verbesserte Sicherheit die OpenSSL-Erweiterung zu aktivieren.", "Consider enabling the PHP extension OpenSSL for increased security.": "Ziehen Sie in Erwägung, für eine verbesserte Sicherheit die OpenSSL-Erweiterung zu aktivieren.",
"date.timezone is set.": "date.timezone ist konfiguriert.", "date.timezone is set.": "date.timezone ist konfiguriert.",
"Consider setting the date.timezone in php.ini.": "Ziehen Sie in Erwägung, date.timezone in php.ini zu konfigurieren.", "Consider setting the date.timezone in php.ini.": "Ziehen Sie in Erwägung, date.timezone in php.ini zu konfigurieren.",


@ -430,6 +430,8 @@
"The config file exists.": "The config file exists.", "The config file exists.": "The config file exists.",
"The config file directory (%s) is writable.": "The config file directory (%s) is writable.", "The config file directory (%s) is writable.": "The config file directory (%s) is writable.",
"OpenSSL extension loaded.": "OpenSSL extension loaded.", "OpenSSL extension loaded.": "OpenSSL extension loaded.",
"Cookies are served from HTTP only.": "Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Consider enabling the PHP extension OpenSSL for increased security.", "Consider enabling the PHP extension OpenSSL for increased security.": "Consider enabling the PHP extension OpenSSL for increased security.",
"date.timezone is set.": "date.timezone is set.", "date.timezone is set.": "date.timezone is set.",
"Consider setting the date.timezone in php.ini.": "Consider setting the date.timezone in php.ini.", "Consider setting the date.timezone in php.ini.": "Consider setting the date.timezone in php.ini.",


@ -424,6 +424,8 @@
"The config file directory (%s) is writable.": "ES_Le dossier du fichier de configuration (%s) est accessible en écriture.", "The config file directory (%s) is writable.": "ES_Le dossier du fichier de configuration (%s) est accessible en écriture.",
"OpenSSL extension loaded.": "ES_L'extension PHP OpenSSL est chargée.", "OpenSSL extension loaded.": "ES_L'extension PHP OpenSSL est chargée.",
"Consider enabling the PHP extension OpenSSL for increased security.": "ES_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.", "Consider enabling the PHP extension OpenSSL for increased security.": "ES_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
"Cookies are served from HTTP only.": "ES_Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "ES_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"date.timezone is set.": "ES_date.timezone est défini.", "date.timezone is set.": "ES_date.timezone est défini.",
"Consider setting the date.timezone in php.ini.": "ES_Veuillez considérer la définition de date.timezone dans le php.ini.", "Consider setting the date.timezone in php.ini.": "ES_Veuillez considérer la définition de date.timezone dans le php.ini.",
"Check again": "ES_Vérifier à nouveau", "Check again": "ES_Vérifier à nouveau",


@ -430,6 +430,8 @@
"The config file exists.": "Le fichier de configuration existe.", "The config file exists.": "Le fichier de configuration existe.",
"The config file directory (%s) is writable.": "Le dossier du fichier de configuration (%s) est accessible en écriture.", "The config file directory (%s) is writable.": "Le dossier du fichier de configuration (%s) est accessible en écriture.",
"OpenSSL extension loaded.": "L'extension PHP OpenSSL est chargée.", "OpenSSL extension loaded.": "L'extension PHP OpenSSL est chargée.",
"Cookies are served from HTTP only.": "Les cookies sont accessibles uniquement via HTTP.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "Pensez à définir « session.cookie_httponly = 1 » dans votre fichier php.ini ou bien ajouter « php_value session.cookie_httponly 1 » à votre fichier .htaccess de telle sorte que les cookies ne puissent pas être accessibles depuis Javascript.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.", "Consider enabling the PHP extension OpenSSL for increased security.": "Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
"date.timezone is set.": "date.timezone est défini.", "date.timezone is set.": "date.timezone est défini.",
"Consider setting the date.timezone in php.ini.": "Veuillez considérer la définition de date.timezone dans le php.ini.", "Consider setting the date.timezone in php.ini.": "Veuillez considérer la définition de date.timezone dans le php.ini.",


@ -423,7 +423,9 @@
"The config file exists.": "IT_Le fichier de configuration existe.", "The config file exists.": "IT_Le fichier de configuration existe.",
"The config file directory (%s) is writable.": "IT_Le dossier du fichier de configuration (%s) est accessible en écriture.", "The config file directory (%s) is writable.": "IT_Le dossier du fichier de configuration (%s) est accessible en écriture.",
"OpenSSL extension loaded.": "IT_L'extension PHP OpenSSL est chargée.", "OpenSSL extension loaded.": "IT_L'extension PHP OpenSSL est chargée.",
"Cookies are served from HTTP only.": "IT_Cookies are served from HTTP only.",
"Consider enabling the PHP extension OpenSSL for increased security.": "IT_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.", "Consider enabling the PHP extension OpenSSL for increased security.": "IT_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "IT_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"date.timezone is set.": "IT_date.timezone est défini.", "date.timezone is set.": "IT_date.timezone est défini.",
"Consider setting the date.timezone in php.ini.": "IT_Veuillez considérer la définition de date.timezone dans le php.ini.", "Consider setting the date.timezone in php.ini.": "IT_Veuillez considérer la définition de date.timezone dans le php.ini.",
"Check again": "Verificare di nuovo", "Check again": "Verificare di nuovo",


@ -424,6 +424,8 @@
"The config file directory (%s) is writable.": "De map van het configuratiebestand (%s) is schrijfbaar.", "The config file directory (%s) is writable.": "De map van het configuratiebestand (%s) is schrijfbaar.",
"OpenSSL extension loaded.": "PHP OpenSSL extensie opgeladen.", "OpenSSL extension loaded.": "PHP OpenSSL extensie opgeladen.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Overweeg de activering van de PHP OpenSSL extensie om de veiligheid te verhogen.", "Consider enabling the PHP extension OpenSSL for increased security.": "Overweeg de activering van de PHP OpenSSL extensie om de veiligheid te verhogen.",
"Cookies are served from HTTP only.": "NL_Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "NL_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"date.timezone is set.": "date.timezone is ingesteld.", "date.timezone is set.": "date.timezone is ingesteld.",
"Consider setting the date.timezone in php.ini.": "Overweeg de instelling van date.timezone in het php.ini bestand.", "Consider setting the date.timezone in php.ini.": "Overweeg de instelling van date.timezone in het php.ini bestand.",
"Check again": "Controleer opnieuw", "Check again": "Controleer opnieuw",


@ -424,6 +424,8 @@
"The config file directory (%s) is writable.": "Lo dorsièr del fichièr de configuracion (%s) es accessible en escritura.", "The config file directory (%s) is writable.": "Lo dorsièr del fichièr de configuracion (%s) es accessible en escritura.",
"OpenSSL extension loaded.": "Lextension PHP OpenSSL es cargada.", "OpenSSL extension loaded.": "Lextension PHP OpenSSL es cargada.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Mercés de pensar a activar lextension PHP OpenSSL per milhorar la seguritat.", "Consider enabling the PHP extension OpenSSL for increased security.": "Mercés de pensar a activar lextension PHP OpenSSL per milhorar la seguritat.",
"Cookies are served from HTTP only.": "OC_Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "OC_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"date.timezone is set.": "date.timezone es definit.", "date.timezone is set.": "date.timezone es definit.",
"Consider setting the date.timezone in php.ini.": "Mercés de far cas a la definicion de date.timezone dins lo php.ini.", "Consider setting the date.timezone in php.ini.": "Mercés de far cas a la definicion de date.timezone dins lo php.ini.",
"Check again": "Tornar verificar", "Check again": "Tornar verificar",