Browse Source

fix bug regarding SSL cookies.

Taylor Otwell 12 years ago
parent
commit
3e00ce2efb
5 changed files with 23 additions and 3 deletions
  1. 1 1
      artisan
  2. 12 0
      changes.md
  3. 8 0
      laravel/cookie.php
  4. 1 1
      paths.php
  5. 1 1
      public/index.php

+ 1 - 1
artisan

@@ -3,7 +3,7 @@
  * Laravel - A PHP Framework For Web Artisans
  *
  * @package  Laravel
- * @version  3.1.4
+ * @version  3.1.5
  * @author   Taylor Otwell <taylorotwell@gmail.com>
  * @link     http://laravel.com
  */

+ 12 - 0
changes.md

@@ -2,6 +2,8 @@
 
 ## Contents
 
+- [Laravel 3.1.5](#3.1.5)
+- [Upgrading From 3.1.4](#upgrade-3.1.5)
 - [Laravel 3.1.4](#3.1.4)
 - [Upgrading From 3.1.3](#upgrade-3.1.4)
 - [Laravel 3.1.3](#3.1.3)
@@ -13,6 +15,16 @@
 - [Laravel 3.1](#3.1)
 - [Upgrading From 3.0](#upgrade-3.1)
 
+<a name="3.1.5"></a>
+## Laravel 3.1.5
+
+- Fixes bug that could allow secure cookies to be sent over HTTP.
+
+<a name="upgrade-3.1.5"></a>
+## Upgrading From 3.1.4
+
+- Replace the **laravel** folder.
+
 <a name="3.1.4"></a>
 ## Laravel 3.1.4
 

+ 8 - 0
laravel/cookie.php

@@ -63,6 +63,14 @@ class Cookie {
 		}
 		else
 		{
+			// We don't want to send secure cookies over HTTP unless the developer has
+			// turned off the "SSL" application configuration option, which is used
+			// while developing the application but should be true in production.
+			if ($secure and ! Request::secure() and Config::get('application.ssl'))
+			{
+				return;
+			}
+
 			setcookie($name, $value, $time, $path, $domain, $secure);
 		}
 	}

+ 1 - 1
paths.php

@@ -3,7 +3,7 @@
  * Laravel - A PHP Framework For Web Artisans
  *
  * @package  Laravel
- * @version  3.1.4
+ * @version  3.1.5
  * @author   Taylor Otwell <taylorotwell@gmail.com>
  * @link     http://laravel.com
  */

+ 1 - 1
public/index.php

@@ -3,7 +3,7 @@
  * Laravel - A PHP Framework For Web Artisans
  *
  * @package  Laravel
- * @version  3.1.4
+ * @version  3.1.5
  * @author   Taylor Otwell <taylorotwell@gmail.com>
  * @link     http://laravel.com
  */